SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
O365 a weak point ripe for exploit, say security professionals
Wed, 24th Mar 2021
FYI, this story is more than a year old

Despite Microsoft Office 365's prevalence in businesses of all sizes, it's also a popular weak point that is ripe for exploit by cybercriminals.

In a recent survey from Vectra AI, 71% of more than 1,000 security professionals have been on the receiving end of a Microsoft 365 account takeover, on average, seven times in the last year alone.

An account takeover occurs when criminals gain access to a legitimate user's account and use this to move laterally between organisations' networks and the cloud.

Security professionals note that other areas of concern include the internet of things and connected devices.

In Asia Pacific - specifically Australia and New Zealand, 100% of respondents say their organisation's risk had increased in the last year, compared to 82% of global respondents.

“As a result of increased Microsoft Office 365 usage during COVID-19, their main security concern is now the risk of data being comprised and the ability for hackers to hide their tracks by using legitimate Microsoft tools, such as Power Automate and e-Discovery,” comments Vectra AI's APJ director of security engineering, Chris Fisher.

The report also found that 71% of respondents spotted suspicious Office 365 Power Automate behaviours.

While almost half (45%) of ANZ respondents expect to see a steep rise in attacks through the cloud, more than half will engage in more ‘proactive' threat hunting. Security professionals spend around 20% of their time on proactive threat hunting, and 20% of their time on reactive investigations, according to the survey.

Fisher notes that organisations in Asia Pacific feel more stressed because of COVID-19, particularly because there is a lack of integration between security tools and solutions, and because these take up a significant amount of time to manage.

“Entities need to focus on their networks and maintain good cyber hygiene to drive down the noise coming into security operation centres. How quickly an entity responds to a breach and identifies the attacks quickly and effectively will determine who succeeds in this fast-changing time,” Fisher says.

Globally, 58% of respondents between the capability gap between attackers and defenders is widening.

While security professionals express satisfaction in stopping attacks and protecting their organisations, they are also frustrated due to the end user's lack of understanding of cybersecurity.

58% of businesses plan to invest more money in people and technology and 52% will invest in AI and automation in 2021.
 
The global survey polled 1,112 security professionals who work in medium- to large-sized organisations equipped with Office 365.