Organizations Need to Supplement Microsoft Security
Reliance on one security approach undermines cyber preparedness, and other key takeaways from The State of Email & Collaboration Security Report 2024
Key Points
- While human risk is the top cybersecurity threat for organizations, not supplementing Microsoft™ security remains a very risky problem.
- Email is still the primary vector for cyber threats and not supplementing Microsoft 365 security apps with additional security solutions can lead to increased successful malware, spam, and phishing attacks.
- Microsoft’s safeguards should be complemented with other security tools and employee education to achieve a reasonable degree of cyber preparedness and better manage human risk.
According to our State of Email & Collaboration Security 2024 Report, human risk remains the number one cybersecurity threat for businesses. Bad actors prey on employees across organizations — from the IT department to customer-facing employees to the executive leadership team.
As technology evolves and presents new threats in the form of tools like AI and deepfakes, it’s time for leaders to take a proactive approach to mitigate risk and better equip their teams to defend against these emerging threats.
Here are some key takeaways from our annual report that all companies, regardless of industry or size, should pay attention to:
Be Sure to Secure All Critical Systems and Platforms – Starting with Email
Email is still the primary vector for cyber threats like phishing, spoofing, and ransomware. Strong email security is crucial to defending against these threats, and it depends on multilayered protections that can tackle increasingly sophisticated attacks. We saw this happen just recently with the Microsoft™ attack in January where elite Russian state-sponsored actors tried breaking into corporate email accounts, and reportedly compromised email accounts of several senior executives. Months after the initial news broke, the attack is still not fully contained, exposing just how dangerous new-age, sophisticated attackers can be.
Businesses are Overly Reliant on Microsoft 365™
Speaking of Microsoft – our research shows that to contain spending, 35% of the respondents say they have been blocked from investing in cybersecurity solutions apart from those provided by Microsoft 365’s E3 or E5.
The protections provided by the Microsoft software suite, however, are more efficient when paired with additional security solutions. Most significantly, on their own, without the use of additional, non-native security tools, respondents said Microsoft 365 productivity app’s native security protections were unable to prevent malware (37%), spam (33%) or phishing (33%) attacks. Almost as many (32%), said that by themselves the Microsoft 365 security apps could not block BEC and spoofing attacks against their companies.
Human Risk Is the Top Cause of Breaches
No matter what processes and technologies are deployed, strong cybersecurity depends primarily on the behavior of people. Our research shows 75% of IT and cyber professionals say their company is at risk of inadvertent data leaks by careless or negligent employees.
To mitigate the huge security gap created by human risk, companies must embrace proactive, adaptive forms of cyber awareness training. By identifying which employees are most vulnerable and engaged in the riskiest behaviors, IT teams can provide individualized training to address those behaviors and safeguard against threats.
The Bottom Line
Many respondents feel their efforts are undercut by inadequate budgets and limitations on how those monies can be spent. Trying to save on costs by restricting cybersecurity spending to those tools included in Microsoft 365 is a self-defeating proposition. Microsoft’s safeguards are simply more effective when paired with additional tools; they need to be complemented with other security tools and employee education to achieve a reasonable degree of cyber preparedness and better manage human risk.
Download our The State of Email & Collaboration Security Report 2024 to learn more.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!