Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Using Microsoft 365? Why Complementary Security Tools are Essential

Many enterprise organizations use Office 365 (recently renamed Microsoft 365) as a robust suite of secure communication apps, productivity tools, and even as a cloud infrastructure service. While Microsoft provides outstanding built-in security features, the sheer size of the service and its number of users creates an inviting target for threat actors. In this article, we’ll go over potential risks that organizations might face when using Microsoft 365, what built-in security tools they have access to, and what complementary tools you can use to comprehensively defend your organization.

Why Microsoft Office 365 is a target

Microsoft Office is used a lot. A PTG article recently reported that nearly 1 in 5 corporate employees use an Office 365 cloud service and by user count, Office 365 is the most widely used cloud service. Its market share is only second to Google Apps (42% vs 53%, according to Statista at the time of this writing) and a Gartner report recently noted that 58.4% of sensitive data in cloud documents are stored in office documents.

While this level of penetration, especially on the enterprise side, is good for Microsoft, it also paints a target on the tech giants’ head. Cybercriminals and nation-state actors can target Microsoft’s applications and focus their exploit development and vulnerability scanning on Microsoft software, knowing that a success in that area will allow them to deploy these exploits to a huge audience.

Threat actors, knowing that a huge majority of internet users use Microsoft 365, will develop phishing and spam campaigns taking advantage of that information or outright impersonating them.

Risks faced by Microsoft 365 users and customers

Trustwave has documented research detailing how Microsoft 365 users have been targeted with specific threats and attacks. The 2020 Global Security Report has found that over 46% of emailed malware detected in 2019 used .doc and .docx file types. We’ve also previously documented how bad actors can hide malicious code, links, or attachments in emails, leveraging Microsoft 365 documents because they’re widely used and trusted. Trustwave SpiderLabs also found that users were receiving phishing emails that prompted them to download fake Windows Updates that were actually ransomware.

There have been multiple instances of email campaigns where spammers impersonate Microsoft and link to spoofed sites designed as Microsoft log-in pages to steal victims’ log in information. According to the previously mentioned Gartner analysis, on average, “an organization experiences 2.7 threats each month within Office 365.”

Clearly the risk posed to enterprises is significant. Threats and new methods of attacks targeting Microsoft’s software continue to evolve. Fortunately, when it comes to security, there are options worth considering.

Microsoft Office security offerings

Microsoft Office provides solid protection if you’re an enterprise business premium user. While standard members get preventative measures like Windows Defender, spam filters, multi-factor authentication (MFA), and ransomware protection, premium users can also leverage messaging encryption, advanced threat protection (ATP), data loss prevention (DLP) policies, and exchange online archiving (EOA), which provide a robust way of archiving data and reducing your litigation risk.

While this suite of tools and software provide a good balance of prevention and detection, you have to ensure these cybersecurity measures are properly configured so they can work effectively with your organization’s specific environment.

If you haven’t yet, Microsoft also has a comprehensive page that details how to set up some of these tools and features for your organization.

Supplementing your existing Microsoft 365 protection

Unfortunately, as helpful as Microsoft Office’s suite of security tools is, you may have some security gaps, especially if you’re not an enterprise business premium user. And even if you do have the full suite of security products, you may not have the protection you require given how quickly threat actors move. A recent study found that 25% of detected phishing attacks bypass default security measures built into Office 365.

In order to further bolster your defenses, we recommend focusing on your email security, user rights management, and database security.

Black hat hackers are primarily going after their targets by way of phishing and targeted email attacks designed to bypass traditional detection software. Investing in the right comprehensive email security tool will be able to flag malicious emails even if hackers go to great lengths to hide the link or malicious code deep within an email or its attachment. This helps ensure you can detect an attack, giving you the opportunity to respond appropriately.

User rights management is incredibly important in the event that a cybercriminal succeeds in their attempt to steal log-in credentials. If they’re able to get into your network, their ability to access your extremely sensitive data and cause damage is limited if you’ve put in parameters limiting what access a given employee has within your network.

Database security is also essential to make sure that if a breach does happen by way of a Microsoft 365 vulnerability, you’ll be able to protect your most important assets. As we covered in a previous article, the right kind of database protection will provide visibility into the relationships of users and applications and the data objects they have access rights to, so that you can work with the business owners to reduce access. While that process is occurring, database monitoring will help you flag any anomalies or odd behaviors that may occur from a compromised employee’s account.

Microsoft 365 is an incredibly important tool for enterprises. To protect your organization, make sure you’re always updating your software, making the most of the available security tools Microsoft offers and consider leveraging additional solutions to make up for any potential gaps in detection and/or response.

To learn about how Trustwave can help you supplement your Microsoft 365 security, check out our Active Defense and Extended Protection for Office 365 or read our white paper on Office 365 security.

Latest Trustwave Blogs

Comparably Honors Trustwave with Leadership and Career Growth Awards

Comparably, the leading workplace culture and compensation monitoring employee review platform has recognized Trustwave with two major awards: 2024 Best Companies for Career Growth and 2024 Best...

Read More

Why Removing Phishing Emails from Inboxes is Crucial for Healthcare Security

The adage "data is the new oil" doesn't resonate with everyone. Personally, having grown up around cars thanks to my dad, a master mechanic, I see oil as messy and cumbersome. Data, in my view, is...

Read More

How Deepfakes May Impact Upcoming Elections Worldwide

The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person...

Read More