Threat: As hackers know all too well, passwords can be a pretty flimsy key to the kingdom of your data. If you’re an Office 365 user, moreover, that kingdom is loaded with potentially valuable information in Outlook emails, OneDrive folders, SharePoint libraries, and Teams sites.
“All of these resources are tied together, so all you have to do is get in one place and now you have access to whatever that individual has,” notes Jim Hansen, vice president of security products at SolarWinds. Mobile devices make especially tempting targets, he adds.
“Because it’s not sitting within the perimeter, that’s the only thing you’ve got to bypass is that silly little password that that person put on it,” Hansen says.
Better yet, from a hacker’s point of view, there were 155 million Office 365 users worldwide to target as of last October, and millions more undoubtedly by now. No wonder Microsoft is the most impersonated brand on phishing pages, according to research from email security vendor Vade Secure.
“Microsoft is like a magnet,” observes Adrien Gendre, the company’s chief solutions architect.
Data isn’t the only bounty attackers are pursuing either. According to Gendre, cybercriminals are increasingly using hijacked Office 365 inboxes as a launching pad for phishing campaigns. After all, he notes, even security software armed with anti-spoofing capabilities will have a hard time spotting phony emails sent from a legitimate address.
“It’s not even an impersonation anymore,” Gendre observes. “It’s just using somebody’s account.”
Countermeasure: Once again, a combination of artificial intelligence and security awareness training is the best way to keep would-be credential thieves at bay. Gendre recommends administering the training in real time too, whenever your security software spots ill-advised behavior, rather than during once- or twice-a-year refresher courses.
“The training should be given on the fly as it happens,” he says. “We learn from emotion and we remember from emotion. This is how the human brain is designed. Users will remember more if we teach them when they realize they almost did something [foolish].”