A report by CoreView finds that 78% of Microsoft 365 admins are unmindful of security and data governance protocols and lack basic security protections, enabling hackers to crack these high-level accounts and make off with company credentials.
Microsoft became the unexpected coronavirus winner, but in the rush to remote work, many organizations underestimated the security and governance responsibilities in Microsoft 365 environments and provided their admins with more control over sensitive data, a newly released report by CoreView, a cloud management tool, finds.
Amid the large-scale pivot to remote work, Microsoft received a significant boost. But as companies embrace cloud applications, IT is making things easier for the hackers and bad actors by leaving critical data and apps vulnerable to external and internal cyberattacks.
Michael Morrison, Chief Executive Officer at CoreView, said, “Organizations today need to provide workers with technology and tools for the digital workplace while ensuring their enterprise data is protected. CoreView’s research indicates that enterprises are failing at M365 governance and security.”
The findings show the cause for concern:
- 78% of M365 admins have not activated multi-factor authentication (MFA): CoreView found that M365 admins in particular don’t take authentication controls seriously. MFA is one of the most essential ways to secure web applications, and a SANS Software Security Institute study found that 99% of breaches can be prevented with robust MFA.
- 57% of M365 administrators have excessive permissions: In what could be a potential avenue for insider attacks, the report found that 57% of M365 administrators have elevated privileges that could enable them to access, control, modify and share critical data.
- Adoption of new collaboration apps introduces risks: Communication, collaboration and operational tools are a great way to boost organizational productivity, but not at the expense of security. The data shows that U.S. businesses typically utilize 1100 productivity and operations apps to meet the growing needs across business departments and locations. However, though these apps boost productivity, unsanctioned shadow IT apps present a major security challenge.
Cost of Inaction
Gartner predicts that one-third of all attacks against enterprises will be due to shadow IT. A lax attitude toward M365 comes from the notion that apps have built-in data governance protocols, which leads to a false sense of security. Though Microsoft also provides Advanced Threat Protection (ATP) that packs anti-phishing technology, it may cost extra.
Meanwhile, account takeover (ATO) attacks are one of the primary tactics used to hamstring O365 systems. CoreView found that 30% of all O365 shops had accounts compromised due to ATO and hackers sent over 1.5 million malicious and junk emails.
As a result, it is crucial that organizations perform a thorough review of cloud apps before implementation and set up appropriate review and monitoring mechanisms. “Enterprises must ensure they have the processes and tools, including CoreView, in place to help securely migrate and operate within the world’s leading SaaS productivity platform, M365,” says Morrison, in closing.