Threat: As hackers know all too well, passwords can be a pretty flimsy key to the kingdom of your data. If you’re an Office 365 user, moreover, that kingdom is loaded with potentially valuable information in Outlook emails, OneDrive folders, SharePoint libraries, and Teams sites.
“All of these resources are tied together, so all you have to do is get in one place and now you have access to whatever that individual has,” notes Jim Hansen, vice president of security products at SolarWinds. Mobile devices make especially tempting targets, he adds.
“Because it’s not sitting within the perimeter, that’s the only thing you’ve got to bypass is that silly little password that that person put on it,” Hansen says.
Better yet, from a hacker’s point of view, there were 155 million Office 365 users worldwide to target as of last October, and millions more undoubtedly by now. No wonder Microsoft is the most impersonated brand on phishing pages, according to research from email security vendor Vade Secure.
“Microsoft is like a magnet,” observes Adrien Gendre, the company’s chief solutions architect.
Data isn’t the only bounty attackers are pursuing either. According to Gendre, cybercriminals are increasingly using hijacked Office 365 inboxes as a launching pad for phishing campaigns. After all, he notes, even security software armed with anti-spoofing capabilities will have a hard time spotting phony emails sent from a legitimate address.
“It’s not even an impersonation anymore,” Gendre observes. “It’s just using somebody’s account.”
Countermeasure: Once again, a combination of artificial intelligence and security awareness training is the best way to keep would-be credential thieves at bay. Gendre recommends administering the training in real time too, whenever your security software spots ill-advised behavior, rather than during once- or twice-a-year refresher courses.
“The training should be given on the fly as it happens,” he says. “We learn from emotion and we remember from emotion. This is how the human brain is designed. Users will remember more if we teach them when they realize they almost did something [foolish].”