6 Cybersecurity Challenges M365 Admins Face
The broadly adopted Microsoft 365 platform is widely targeted by cybercriminals, but purpose-built email and collaboration security solutions can help IT admins
Key Points
- The Microsoft 365 platform is mission-critical for millions of organizations.
- Securing M365 applications and activity without hampering organizational productivity is a tall order.
- Adopting a layered cybersecurity strategy — automating protection with cybersecurity solutions designed for M365 — can enable admins to better mitigate the business risk.
Microsoft 365 is used by well over one million organizations around the world, making it the most popular productivity suite among businesses. And for good reasons: Its cloud-based software components integrate seamlessly and enable companies to give their employees the tools they need to do their jobs anywhere, on any device.
However, popularity does not equal security. In part because of its prevalence, M365 — and, in particular, its email and collaboration tools — is a common target for cybercriminals. As a single target, Microsoft 365 allows for more ways in, more data to steal, and more users to trick. As many security leaders have experienced, the native cybersecurity protections built into M365 may fail to keep pace with evolving threats. More than 90% of cyberattacks start with email, and many are designed specifically to evade Microsoft's defenses.
While M365 hosting can be outsourced, cyber risk management cannot. That's why many experienced IT and security professionals opt for a multilayered, "defense-in-depth" approach that includes purpose-built security tools designed for email and collaboration tools to fill gaps and protect against likely outages, admin missteps, and attacks.
Securing M365: IT admins' biggest headaches
IT admins face a number of cybersecurity challenges when managing an M365 platform. Understanding these common issues, particularly in supporting the email and collaboration tools within M365, can help organizations develop a stronger cybersecurity strategy for protecting their networks and data.
1. Good enough security isn't good enough
In the old days of mostly on-premises productivity software, there was a clear case for the adoption of additional cybersecurity solutions to detect and protect against cyber threats. One of the benefits of modern hosted business solutions is the ability to offload some of the associated worry and overhead. Indeed, many business leaders expect that adoption of a leading cloud-based business software suite delivers adequate, reliable built-in protections.
Cloud-based products, like M365, offer functionality in the areas of security, compliance, continuity, and recoverability, as laid out in their contracts. However, single-layer defenses fall short. IT admins recognize the value of deploying additional tools designed to keep pace with today's ever-changing and complex cyber threat environment. Email remains the primary entry point for cyberattacks, with collaboration tools not far behind. M365 has integrated safeguards against malware, for example, but establishing multiple points of protection (including AI-powered email security) increases its cybersecurity exponentially. The key is making the case for these additional investments to business leaders. A gateway-less, API-based solution tailor-made for the M365 environment can connect in minutes — with no MX record changes and no disruption to mail flow — to instantly increase protection against sophisticated email-borne attacks.
2. Employees are only human
While email may be the most common entry point for bad guys, it is an organization's users who often let them in. One of the biggest headaches for IT admins charged with managing the M365 environment is user behavior. One wrong click can expose the organization's network to cyber adversaries. Even IT admins can make mistakes. One of the best ways companies can help their admins secure their M365 environments is to invest in consistent, up-to-date security behavior management, for everyone from the owner of the company, to line managers, to systems admins themselves. Real-time warning banners that alert employees to suspicious content across their devices can also help users make smarter decisions in the moment.
3. M365 is more than just email
While Outlook is likely the most frequently used M365 application, Microsoft's productivity suite could come with more than 20 applications installed, including OneDrive, Word, Excel, PowerPoint, OneNote, SharePoint, and Teams. Some of these tools, like Teams, are newer, while the SharePoint application is now a couple of decades old. Each one comes with its own security challenges and, importantly, is a separate attack surface for IT admins to secure and monitor. Most of these applications have Internet-facing connectivity to enable, for example, file sharing or chat, inherently creating network-level exposure. And it doesn't seem to matter whether the organization is actually using the application; if it appears live and available, it's exploitable by cybercriminals. Therefore, it's incumbent on admins to restrict availability of unused applications as well. Extending protection beyond email to collaboration tools like Microsoft Teams, SharePoint, and OneDrive — detecting malicious links, files, and conversations in real time — helps keep the entire collaboration ecosystem safe.
4. Securing systems without stifling collaboration is a balancing act
The use of cloud-based business software platforms, like M365, boomed during the COVID-19 pandemic, enabling organizations to quickly adapt to remote work with anywhere-access to email, real-time chat, collaboration, file sharing, video conferencing, and more. Yet all of that functionality has left organizations with additional vulnerability. In addition to threats like malware and phishing that arrive via email, cybercriminals quickly developed tactics to exploit capabilities including videoconferencing, file sharing, and chat as ways to slip into corporate networks. The continuous connectivity that M365 applications provide is essential to business performance, particularly in an era defined by remote and hybrid work models, but it also has created new footpaths that bad actors can use.
For example, cybercriminals can use file-sharing functionality (built into several different M365 applications) to install viruses, worms, spyware, and other malicious code. And bad actors can use some of their social engineering tactics in new ways via chat or videoconference. Admins must walk the line to protect their organizations' data and networks without stifling collaboration and productivity. Security shouldn't come at the cost of productivity. An important first step is to classify all sensitive data, back that data up, and restrict access to a need-to-know basis. Establishing best practices for collaboration and file sharing — including, for example, password protection, file encryption, virus scanning, system monitoring, and expiring links — is also essential.
5. The dangers of unauthorized access abound
As highlighted above, a key benefit of M365 applications is the ability to share insight and collaborate. It's also a big business risk. While IT admins want to provide employees with adequate entry to these mission-critical apps, unmitigated access exposes the organization to greater cyber risk. And outsiders aren't the only problem. Admins must ensure that the accounts of employees or contractors who no longer work for the company are disabled. Identity and access management becomes indispensable when securing the M365 environment. Instituting role-based access — giving employees and contractors access to only the applications and information necessary to perform a task — and setting appropriate security restrictions for each user within an application are critical tasks. An identity and access management system that integrates with the M365 platform can also make an admin's job easier by automating defenses, improving governance, and coordinating incident response.
6. Credential-based attacks create broad exposure
Along with controlling access to M365 applications is the challenge of preventing the loss or theft of credentials used to log in to the platform. If one of an organization's M365 credentials gets into the wrong hands, there is potential for a severe data breach or other cyberattack. In fact, most data breaches are linked to stolen credentials. Given the broad adoption of M365 by companies around the world, it's an easy target for credential phishing attacks as well. Once a bad actor has a working login for M365, they have access to that user's email account, SharePoint folders, OneDrive files, Teams sessions, and more. If they procure an admin's credentials, the risk skyrockets. Microsoft itself recommends having no more than four global admins for this very reason. Solutions that can help include identity and access management, email scanning capabilities, security behavior management, multifactor authentication, and insider threat monitoring.
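Sections 5 and 6 name conditions an admin can check directly: accounts still enabled for people who have left, more than four global admins, and privileged accounts without multifactor authentication. The Python below is an added example, not from the original article, Microsoft, or Mimecast; the CSV columns, the HR roster, and every account name are constructed assumptions, not a real M365 export format.

```python
import csv
import io

MAX_GLOBAL_ADMINS = 4  # ceiling the article attributes to Microsoft

# Constructed directory export (hypothetical columns, not a real M365 report).
DIRECTORY_CSV = """upn,enabled,roles,mfa
alice@example.test,true,Global Administrator,true
bob@example.test,true,Global Administrator,true
carol@example.test,true,Global Administrator;Exchange Administrator,false
dave@example.test,true,Global Administrator,true
erin@example.test,true,Global Administrator,true
frank@example.test,true,,true
grace@example.test,false,Global Administrator,true
heidi@example.test,true,SharePoint Administrator,true
"""

# Constructed HR roster of current employees and contractors.
CURRENT_STAFF = {
    "alice@example.test", "bob@example.test", "carol@example.test",
    "dave@example.test", "erin@example.test", "heidi@example.test",
}

def load_accounts(text):
    """Parse the export into dicts with normalized types."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "upn": row["upn"].strip().lower(),
            "enabled": row["enabled"].strip().lower() == "true",
            "roles": [r.strip() for r in row["roles"].split(";") if r.strip()],
            "mfa": row["mfa"].strip().lower() == "true",
        })
    return accounts

def audit(accounts, current_staff):
    """Return (finding, detail) tuples for the three conditions."""
    findings = []
    active = [a for a in accounts if a["enabled"]]  # disabled accounts cannot sign in
    admins = sorted(a["upn"] for a in active if "Global Administrator" in a["roles"])
    if len(admins) > MAX_GLOBAL_ADMINS:
        findings.append(("too_many_global_admins", admins))
    for a in active:
        if a["upn"] not in current_staff:
            findings.append(("enabled_but_not_on_roster", a["upn"]))
        if a["roles"] and not a["mfa"]:
            findings.append(("privileged_without_mfa", a["upn"]))
    return findings

if __name__ == "__main__":
    for finding in audit(load_accounts(DIRECTORY_CSV), CURRENT_STAFF):
        print(finding)
```

The disabled global admin (grace) is deliberately excluded from the count, so the check measures who can actually sign in with that role.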
The bottom line
Although M365 has built-in security measures, IT admins still must manage an array of risks and vulnerabilities on a daily basis. Wrapping additional cybersecurity tools and processes around the cloud-based productivity platform can ease the burden. Investing in security tools specifically designed to work with M365 out of the box deepens protections without impeding day-to-day business operations.
Mimecast Advanced Email Security strengthens Microsoft 365's native defenses with fully integrated, AI-powered detection and global threat intelligence across email and collaboration channels. Mimecast is proud to protect and support more than 42,000 organizations globally as they navigate the ever-expanding threat landscape. Learn more by requesting a Proof of Value assessment today.
This blog has been updated from a previous version.