Microsoft 365

    Organizations Need to Supplement Microsoft Security

    Reliance on one security approach undermines cyber preparedness, and other key takeaways from The State of Email & Collaboration Security Report 2024

    by Norman Guadagno

    Key Points

    • While human risk is the top cybersecurity threat for organizations, not supplementing Microsoft™ security remains a very risky problem.
    • Email is still the primary vector for cyber threats and not supplementing Microsoft 365 security apps with additional security solutions can lead to increased successful malware, spam, and phishing attacks.
    • Microsoft’s safeguards should be complemented with other security tools and employee education to achieve a reasonable degree of cyber preparedness and better manage human risk.

    According to our 2024 State of Email and Collaboration Security Report, human risk remains the number one cybersecurity threat for businesses. Bad actors prey on employees across organizations — from the IT department to customer-facing employees to the executive leadership team. 

    As technology evolves and presents new threats in the form of tools like AI and deepfakes, it’s time for leaders to take a proactive approach to mitigate risk and better equip their teams to defend against these emerging threats. 

    Here are some key takeaways from our annual report that all companies, regardless of industry or size, should pay attention to:

    Be Sure to Secure All Critical Systems and Platforms – Starting with Email

    Email is still the primary vector for cyber threats like phishing, spoofing, and ransomware. Strong email security is crucial to defending against these threats, and it depends on multilayered protections that can tackle increasingly sophisticated attacks. We saw this happen just recently with the Microsoft™ attack in January where elite Russian state-sponsored actors tried breaking into corporate email accounts, and reportedly compromised email accounts of several senior executives. Months after the initial news broke, the attack is still not fully contained, exposing just how dangerous new-age, sophisticated attackers can be.

    Businesses are Overly Reliant on Microsoft 365™

    Speaking of Microsoft – our research shows that to contain spending, more than one-third of the respondents (35%) say they have been blocked from investing in cybersecurity solutions apart from those provided by Microsoft 365’s E3 or E5. 

    The protections provided by the Microsoft software suite, however, are more efficient when paired with additional security solutions. Most significantly, on their own, without the use of additional, non-native security tools, one-third of the respondents said Microsoft 365 productivity app’s native security protections were unable to prevent malware (37%), spam (33%) or phishing (33%) attacks. Almost as many (32%), said that by themselves the Microsoft 365 security apps could not block BEC and spoofing attacks against their companies.

    Human Risk is the Top Cause of Breaches

    No matter what processes and technologies are deployed, strong cybersecurity depends primarily on the behavior of people. Our research shows 75% of IT and cyber professionals say their company is at risk of inadvertent data leaks by careless or negligent employees.

    To mitigate the huge security gap created by human risk, companies must embrace proactive, adaptive forms of cyber awareness training. By identifying which employees are most vulnerable and engaged in the riskiest behaviors, IT teams can provide individualized training to address those behaviors and safeguard against threats. 

    The Bottom Line

    Many respondents feel their efforts are undercut by inadequate budgets and limitations on how those monies can be spent. Trying to save on costs by restricting cybersecurity spending to those tools included in Microsoft 365 is a self-defeating proposition. Microsoft’s safeguards are simply more effective when paired with additional tools; they need to be complemented with other security tools and employee education to achieve a reasonable degree of cyber preparedness and better manage human risk. 

    Download our The State of Email & Collaboration Security 2024 Report to learn more. 


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top