Why IT Admins Shouldn’t ‘Sleepwalk into Microsoft 365’
Microsoft MVP warns against moving to Microsoft 365 without a critical eye towards enhancing email security
Key Points
• With email remaining the top attack vector for cybercriminals, organizations cannot simply rely on built-in email application security.
• Cybercriminals can conduct social engineering, combined with some pretexting, to reveal whether their targets exhibit strong email security behaviors.
• Organizations need to seek out third-party vendors that can fill in the gaps in their email security.
Ninety-four percent of cyberattacks use email. Email is also one of the most critical business applications. You see where we’re going with this? Email security is extremely important. Many organizations count on buying a brand-name email application and then expect it to be secure. And while email applications can handle security fairly well, they simply cannot handle attacks as effectively as required in today’s dynamic and sophisticated threat environment.
J. Peter Bruzzese, an eight-time Exchange/Office Microsoft MVP, calls the act of deploying that well-known, brand-name email application and then forgetting about it, “sleepwalking”. His key concerns are as follows:
Security
Microsoft 365 provides basic anti-spam, malware, and spoofing protection. These foundational protections do work, but living in a security monoculture carries tremendous risk – given cybercriminals only need a single-entry point to attack – and can outweigh basic email security.
Opportunistic Attacks
Most cybercriminals, save for insider risk attacks, are looking for low-hanging fruit in their targets. Cybercriminals can conduct social engineering, combined with some pretexting, to reveal whether their targets exhibit strong email security behaviors. With “naked” Microsoft 365, opportunistic attacks can be at an all-time high.
Efficacy
As Bruzzese says, “It’s not what your security solution can stop that matters. It’s what it lets through that you really need to worry about…EOP and MDO365 do work. They DO stop stuff: spam, malware, ransomware, and malicious links or impersonation attacks.” Yet, results show these solutions letting through too many attacks for most admins’ comfort.
The Bottom Line
Without going too deep in the weeds about how Mimecast can provide a great complementary solution to Microsoft 365, Bruzzese tells the story his own way. He says to his readers, “I want you to see their solution how I see it. I won’t be able to give you every last bell and whistle of their solution, but I will certainly be able to tell you how it will add value to either your Microsoft 365 Exchange Online, hybrid, or on-premises environment.”
Email admins facing pressure to reduce email-based attacks should take the time to learn more.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!