Sophisticated O365 cyber attacks underline need for third-party backup
Reading, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why O365 cyber attacks are more frequent when Microsoft announced this year that it has more than 180m active commercial users every month.
According to IDC research, 69.2% of organizations have fallen victim to a malware attack within the past 12 months.
Many organizations take a long time to learn about breaches and respond to them, making them even more vulnerable to hackers, who are becoming more sophisticated and creative in their approach.
Many of us are used to seeing the occasional fake email purporting to be from a bank or service provider.
Not so obvious, though, are the phishing tactics used to trick O365 users into handing over their account credentials.
Sneakier cyber-criminals will now try to mimic a meeting request from your boss, or from Microsoft itself, but the link will go to a fake Microsoft Outlook sign-in page that steals the credentials you enter.
Others pretend to be a non-delivery notification from an O365 email account that prompts users to ‘send again’. The user is fooled into clicking through to a phishing site that looks identical to the O365 email login screen.
Most of us know it is unwise to download documents sent from unfamiliar or suspicious-looking sources, but cyber criminals are now injecting malware simply when a user previews a document.
The Office Preview process doesn’t check if the source of the document is trustworthy before generating a preview, and criminals are taking advantage of this.
Users responsible for vast majority of data loss and O365 Cyber Attacks
Cyber-crime is not the only cause for concern, though, as the vast majority of O365 data loss in an organization is down to end users.
This can come in the form of accidental deletion or overwriting of information, malicious deletion of data by a disgruntled employee or corruption while syncing a file.
There is nothing to protect you from an employee seeking to remove evidence of potential misconduct or malpractice.
Office 365 cannot distinguish between a malicious employee deleting critical files and another employee deleting unneeded items – and very little can be done to get that information back once it is gone.
This is particularly worrying given the employee governance that almost all organizations have to comply with.
There is also no provision for reverting a mailbox server to an earlier point in time, should a virus attack corrupt your information.
Such data loss can be very costly as it can disrupt business activity and damage reputations.
On top of this, many organizations have industry-specific regulation governing data retention and other data protection specifics, so document deletion would result in failure to comply.
That is why it is essential that organizations do not rely solely on native O365 protection to recover data and at the very least consider a third-party backup when Office 365 is implemented.
IT teams have ultimate responsibility for data protection
Ultimate responsibility for data protection lies with the data owner. That invariably means the head of the IT team.
The answer is to make software-as-a-service data protection a boardroom priority, especially at a time when it is entering the IT fiercely and definitively.
Whether you have challenges over managing Office 365 content or very real concerns about how well Microsoft might recover your business-critical data in the event of a security issue, Redstor has you covered.
See how protecting OneDrive, SharePoint and Exchange in Redstor’s cloud allows you to retain full control of your data and why it’s vital for compliance purposes. Don’t be caught out by O365 Cyber Attacks with help from Redstor.