Skip to content

How to protect Microsoft Office 365 Email from Cyber Attacks

Posted by Geraldine Hunt on Fri, Mar 16th, 2018

** UPDATE 25/09/2018:
Read our brand new, just released 2019 report on overcoming the Email Security Weaknesses in O365. 

Recent research by Osterman identifies that Microsoft Office EOP can detect 100% of all known viruses with updates every 15 minutes. However, the research found it to be less effective against unknown or new malware delivered by email. System Administrators implementing Microsoft Office 365 need to make sure it’s secure by layering in a dedicated secure messaging and spam filtering solution like SpamTitan to protect against advanced persistent threats. To protect against advanced threats you need advanced protection.
Read the free Office 365 Security report here

As ransomware and phishing attacks increase, Office 365 has become a primary target, making it vital for IT professionals to take proactive steps with O365 email security and "hack-proof" their environments. A comprehensive 2016 study by Skyhigh Networks found that 71.4 per cent of corporate Office 365 users have at least one compromised account each month. The research was based on a survey of 600 enterprises and 27 million users.

Office 365 is a stellar example of the success and acceptance of the cloud.  It is the most widely used enterprise cloud service in the world, boasting more than 70 million active users.  An astonishing 78 percent of IT decision makers use or plan to use Office 365 in 2017, while 70% of Fortune 500 companies have already purchased Office 365 for their users.  Not all of them utilize email services in Office 365.  Some just use the applications suite or OneDrive.  According to Gartner, less than 10% of enterprises use Office 365 email services, although they have an 80% market share for large public companies that use cloud-based email services.  In the end, it seems conclusive that more companies will migrate their email services to Office 365 in the coming years.

Why MSPs Offer Add On Spam Filtering to their Office 365 Customers

This can be disheartening for managed service providers who have used email box services as an income stream for many years. Selling Office 365 subscriptions is not much of a consolation for them either as the margins for Office 365 are so low.  On the surface, it seems that Office 365 presents a real challenge to MSP’s who want to hold on to their customers.  However, in the same way, that MSP’s have been making money offering support services and solutions for the Microsoft OS, there is ample opportunity to provide valued added service to their customers and their Office 365 email services.

Microsoft Office 365 Email is a Big Target for Hackers

There is one big problem with being the big kahuna in the cloud email space – you become the #1 target for hackers and phishing masterminds.  Ironically, Microsoft finds themselves the victims of their own success in the same manner as they have for their operating systems over the years.  When vast multitudes of people use the same operating system, hackers can simply concentrate on that OS and not waste time on others.  Similarly, if millions of users use the same email cloud service that utilizes the same set of security tools, hackers can simply devote their resources and time to circumvent them through discovered weaknesses and exploits.  Just as users get more bang for the buck by migrating their email services to Office 365, hackers get more bang for the buck by having so many enterprise users concentrated into one platform.

You may have never thought about it, but phishing creators and hackers use Office 365 as well.  They have the option to pay the subscription fee or break into another user’s account through a credential stuffing attack (which is why it is so important to have complex secure passwords).  They then use these accounts to test and research just how Microsoft security functions. 

Many Office 365 customers may assume that they are getting Microsoft’s full blanket of protection concerning their accounts.  Unfortunately, this is not the case.  All accounts do get the benefit of the default email security offering.  Microsoft, however, offers an additional security package called Advanced Threat Protection (ATP).  This package includes message sandboxing, link reputation checking, URL reporting/tracing, and phishing protection. To take advantage of the full suite of capabilities requires an enterprise subsection license.  Customers can also add these services in à la carte fashion but each additional service requires an additional fee.  Again, keep in mind too that the hackers have access to the sandbox as well.

Compounding Microsoft Office 365 Default Email Security with an Add-On Solution

So, if you have to pay extra money to get the blanket security coverage that every organization needs today to stop ransomware laced email, BEC attacks and other nasty threats, why not spend the extra money on a comprehensive solution built from the ground up by a vendor that specializes in email security?  Microsoft has indeed made great strides in cyber security as of late, yet headlines today continue to report countless exploits that hackers use to undermine their operating systems and applications.  How certain are you that Microsoft will get security right for Office 365?  Why not trust your email security with a specialist?

This is why so many enterprises are indeed turning to third-party solutions to enhance the security of their Office 365 hosted email accounts.  In fact, according to a recent Gartner report, 40% of Office 365 deployments will rely on third-party tools by 2018 in order to fill gaps and meet expected security requirements and compliances.  They expect that number to rise to 50% by 2020.

The cost of prevention is far less than the cost of recovery

As was evident in the recent Petya attack that disrupted companies of all sizes for days or weeks, the cost of prevention is far less than the cost of recovery.  What’s more, many email security companies have email gateway solutions that are specifically designed to complement and integrate with Office 365. Every business is at risk of being hacked — especially SMBs with minimal security in place. According to the U.S. National Cyber Security Alliance, an alarming 60 percent of SMBs go bankrupt six months after a cyber attack!

For managed service providers, offering an add-on email security solution is another way to help ensure that their customers remain safe and malware free.  The fact is that Office 365 is a great cost-effective email solution for so many organizations today, and with the inclusion of an added security solution, it indeed can be the complete package you need.  

Many organization find it’s necessary to supplement their Office 365 default email security with add-on solutions, like a dedicated spam filter.  This is why so many enterprises are indeed turning to third-party solutions to enhance the security of their Office 365 hosted email accounts.   Rather than opt for ATP they prefer to spend the extra money on a comprehensive solution built from the ground up by a vendor that specializes in email security.

Mitigating the risk of a security incident

The key takeaway is that it can be very difficult for organizations to fully protect themselves from sophisticated hacking and phishing attacks. Organizations are always under pressure to reduce costs but security must not be compromised, the risk is too great. 60% of SMBs companies that suffer a cyber attack are out of business within six months. Organizations need to mitigate the risk of a security incident in a meaningful way by having a robust email security infrastructure in place. This supplementing O365 with a comprehensive spam filtering solution built from the ground up by a vendor that specializes in email security.

Talk to one of our security experts today about securing your Office 365 to prevent costly and damaging email attacks - including ransomware, spear phishing attacks, and business email compromise. 

Read more great TitanHQ free resources on protecting Microsoft Office 365 business email from spam and cyber attacks 

1. SpamTitan for Office 365 

2. Protecting Microsoft Office 365 from Cyber Attacks   

3. Phishing attackers targeting Office 365 Business Emails 

4. Filling the email security gap in Office 365 

5. The latest phishing and spoofing attack getting through microsoft office 365 

6. Improve the spam filter for Office 365 

7. Spamtitan Spam filtering with microsoft office 365



Related Articles

Never Miss a Blog Post

Sign-up for email updates...

Get Your 14 Day Free Trial

Talk to Our Email and DNS Security Team

Call us on US +1 813 304 2544

Contact Us