USA +1 813 304 2544 IRL +353 91 54 55 00

TitanHQ Blog

Protecting Office 365 from Attack

Posted by Geraldine Hunt on Fri, Sep 15th, 2017

As ransomware and phishing attacks increase, Office 365 has become a primary target, making it vital for IT professionals to take proactive steps with O365 email security and "hack-proof" their environments. A comprehensive 2016 study by Skyhigh Networks found that 71.4 per cent of corporate Office 365 users have at least one compromised account each month. The research was based on a survey of 600 enterprises and 27 million users.

Office 365 is a stellar example of the success and acceptance of the cloud.  It is the most widely used enterprise cloud service in the world, boasting more than 70 million active users.  An astonishing 78 percent of IT decision makers use or plan to use Office 365 in 2017, while 70% of Fortune 500 companies have already purchased Office 365 for their users.  Not all of them utilize email services in Office 365.  Some just use the applications suite or OneDrive.  According to Gartner, less than 10% of enterprises use Office 365 email services, although they have an 80% market share for large public companies that use cloud based email services.  In the end, it seems conclusive that more companies will migrate their email services to Office 365 in the coming years.

Why MSPs Offer Add On Spam Filtering to their Office 365 Customers

This can be disheartening for managed service providers who have used email box services as an income stream for many years. Selling Office 365 subscriptions is not much of a consolation for them either as the margins for Office 365 are so low.  On the surface, it seems that Office 365 presents a real challenge to MSP’s who want to hold on to their customers.  However, in the same way that MSP’s have been making money offering support services and solutions for the Microsoft OS, there is ample opportunity to provide valued added service to their customers and their Office 365 email services.

Office 365 is a Big Target for Hackers

There is one big problem with being the big kahuna in the cloud email space – you become the #1 target for hackers and phishing masterminds.  Ironically, Microsoft finds themselves the victims of their own success in the same manner as they have for their operating systems over the years.  When vast multitudes of people use the same operating system, hackers can simply concentrate on that OS and not waste time on others.  Similarly, if millions of users use the same email cloud service that utilizes the same set of security tools, hackers can simply devote their resources and time to circumvent them through discovered weaknesses and exploits.  Just as users get more bang for the buck by migrating their email services to Office 365, hackers get more bang for the buck by having so many enterprise users concentrated into one platform.

You may have never thought about it, but phishing creators and hackers use Office 365 as well.  They have the option to pay the subscription fee or break into another user’s account through a credential stuffing attack (which is why it is so important to have complex secure passwords).  They then use these accounts to test and research just how Microsoft security functions. 

Many Office 365 customers may assume that they are getting Microsoft’s full blanket of protection concerning their accounts.  Unfortunately, this is not the case.  All accounts do get the benefit of the default email security offering.  Microsoft however offers an additional security package called Advanced Threat Protection (ATP).  This package includes message sandboxing, link reputation checking, URL reporting/tracing, and phishing protection. To take advantage of the full suite of capabilities requires an enterprise subsection license.  Customers can also add these services in à la carte fashion but each additional service requires an additional fee.  Again, keep in mind too that the hackers have access to the sandbox as well.

Compounding Office 365 Default Email Security with an Add On Solution

So, if you have to pay extra money to get the blanket security coverage that every organization needs today to stop ransomware laced email, BEC attacks and other nasty threats, why not spend the extra money on a comprehensive solution built from the ground up by a vendor that specializes in email security?  Microsoft has indeed made great strides in cyber security as of late, yet headlines today continue to report countless exploits that hackers use to undermine their operating systems and applications.  How certain are you that Microsoft will get security right for Office 365?  Why not trust your email security with a specialist?

This is why so many enterprises are indeed turning to third party solutions to enhance the security of their Office 365 hosted email accounts.  In fact, according to a recent Gartner report, 40% of Office 365 deployments will rely on third-party tools by 2018 in order to fill gaps and meet expected security requirements and compliances.  They expect that number to rise to 50% by 2020.

The cost of prevention is far less than the cost of recovery

As was evident in the recent Petya attack that disrupted companies of all sizes for days or weeks, the cost of prevention is far less than the cost of recovery.  What’s more, many email security companies have email gateway solutions that are specifically designed to complement and integrate with Office 365. Every business is at risk for being hacked — especially SMBs with mininal security in place. According to the U.S. National Cyber Security Alliance, an alarming 60 percent of SMBs go bankrupt six months after a cyberattack!

For managed service providers, offering an add on email security solution is another way to help ensure that their customers remain safe and malware free.  The fact is that Office 365 is a great cost effective email solution for so many organizations today, and with the inclusion of an added security solution, it indeed can be the complete package you need.  

Many organization find it’s necessary to supplement their Office 365 default email security with add on solutions, like a dedicated spam filter.  This is why so many enterprises are indeed turning to third party solutions to enhance the security of their Office 365 hosted email accounts.   Rather than opt for ATP they prefer to  spend the extra money on a comprehensive solution built from the ground up by a vendor that specializes in email security.

Mitigating the risk of a security incident

The key takeaway is that it can be very difficult for organizations to fully protect themselves from sophisticated hacking and phishing attacks. Organizations are always under pressure to reduce costs but security must not be compromised, the risk is too great. 60% of SMBs companies that suffer a cyber attack are out of business within six months. Organizations need to mitigate the risk of a security incident in a meaningful way by having a robust email security infrastructure in place. This supplementing O365 with a comprehensive spam filtering solution built from the ground up by a vendor that specializes in email security.

Talk to one of our security experts today about securing  your Office 365 to prevent costly and damaging email attacks - including ransomware, spear phishing attacks, and business email compromise. 

Never Miss a Blog Post

Sign-up for email updates...


Need Help Ordering?

Call us on USA +1 813 304 2544 or IRL +353 91 545555

Contact Us