Why is Office 365 A Rich Target for Hackers and What To Do About It?

I get it, the world is moving to Office 365.  It’s got to be so much easier to administer and not have to deal with Exchange servers.  There’s also a wealth of features and security options.  However, the type and amount of data, plus ties into Azure Active Directory make Office 365 a rich target for hackers.

Office 365 offers email, SharePoint, Teams, Project and other applications that contain sensitive data.  All of that data is accessible from anywhere in the world and given enough time hackers can pour through files and messages to capture confidential information.  The availability of these applications for all users make it important to set up and manage user privileges. 

Office 365 also has tie-ins to Azure Active Directory.  Just think what cracking open Azure AD can provide: names,  titles, email, phone #, address, etc.  Again, confidential information that can be used against a company like targeted attacks, email fraud and others.  Azure AD also contains non-standard accounts like service accounts.  When we pen test an organization, the process for getting a complete user list takes less than 2 minutes after compromise and is almost never detected.  All it takes is compromised credentials to log into Azure portal.  Using Office 365 MFA (multi factor authentication) helps tremendously, however we often see spotty coverage.  MFA is often missing from non-standard user or service accounts, those accounts that don’t have a human associated with them. Don’t assume that since you have MFA that you are good, we’ve seen too many holes and customer issues.  Make sure you have MFA coverage on all.

All of the security options offered by Office 365 can be daunting and expertise is hard to come by.  How do you know the proper controls are in place to thwart hacks and detect their efforts?  Establish a baseline.   A good penetration test will help establish a baseline of risk and help you understand how your Office 365 looks through the eyes of an attacker. 

What can you do to reduce Office 365 risk?

  • Restrict access to sensitive files
  • Enable MFA on all external applications
  • Improve your  Office 365 detection capabilities
  • Test to establish a baseline

All of the security features, levers and buttons on O365 can be overwhelming.  NetWorks Group helps customers with both identifying risks and gaps as well as practical advice to remediate them.  We’ll help you develop a prioritized approach you can share with the CEO to gain buy-in.  We’ve also created a number of services to help if you don’t have the time or in house expertise.  Please reach out for more information.  We’re here to help.

Scot Armstrong

sarmstrong@networksgroup.com

330.414.0229

Stay in touch. Never miss a security update from the team.

Security news, tips, webinars, and more straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.