Sophisticated O365 cyber attacks underline need for third-party backup

Sophisticated O365 cyber attacks underline need for third-party backup

posted in Disaster Recovery ● 17 Dec 2019

Sophisticated O365 cyber attacks underline need for third-party backup

Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

According to IDC research, 69.2% of organisations have fallen victim to a malware attack within the past 12 months.

Many organisations take a long time to learn about breaches and respond to them, making them even more vulnerable to hackers, who are becoming more sophisticated and creative in their approach.

Many of us are used to seeing the occasional fake email purporting to be from a bank or service provider.

Not so obvious, though, are the phishing tactics used to trick O365 users into handing over their account credentials.

Sneakier cyber-criminals will now try to mimic a meeting request from your boss, or from Microsoft itself, but the link will go to a fake Microsoft Outlook sign-in page that steals the credentials you enter.

Others pretend to be a non-delivery notification from an O365 email account that prompts users to ‘send again’. The user is fooled into clicking through to a phishing site that looks identical to the O365 email login screen.

Most of us know it is unwise to download documents sent from unfamiliar or suspicious-looking sources, but cyber criminals are now injecting malware simply when a user previews a document.

The Office Preview process doesn’t check if the source of the document is trustworthy before generating a preview, and criminals are taking advantage of this.

Users responsible for vast majority of data loss

Cyber-crime is not the only cause for concern, though, as the vast majority of O365 data loss in an organisation is down to end users.

This can come in the form of accidental deletion or overwriting of information, malicious deletion of data by a disgruntled employee or corruption while syncing a file.

There is nothing to protect you from an employee seeking to remove evidence of potential misconduct or malpractice.

Office 365 cannot distinguish between a malicious employee deleting critical files and another employee deleting unneeded items – and very little can be done to get that information back once it is gone.

This is particularly worrying given the employee governance that almost all organisations have to comply with.

There is also no provision for reverting a mailbox server to an earlier point in time, should a virus attack corrupt your information.

Such data loss can be very costly as it can disrupt business activity and damage reputations.

On top of this, many organisations have industry-specific regulation governing data retention and other data protection specifics, so document deletion would result in failure to comply.

That is why it is essential that organisations do not rely solely on native O365 protection to recover data and at the very least consider a third-party backup when Office 365 is implemented.

IT teams have ultimate responsibility for data protection

Ultimate responsibility for data protection lies with the data owner. That invariably means the head of the IT team.

The answer is to make software-as-a-service data protection a boardroom priority, especially at a time when it is entering the IT fiercely and definitively.

Whether you have challenges over managing Office 365 content or very real concerns about how well Microsoft might recover your business-critical data in the event of a security issue, Redstor has you covered.

See how protecting OneDrive, SharePoint and Exchange in Redstor’s cloud allows you to retain full control of your data and why it’s vital for compliance purposes.

See the future of data management. Now.

Watch our product demos to find out more about our solution.

Rise in laptop sales leads to data protection worries

Reading, 6 April 2020 – An unwelcome repercussion of employees snapping up laptops for home working ahead of the coronavirus lockdown has been an even bigger spike in cyber-criminal activity.

Continue reading

Game-changing pricing for O365 protection

Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.

Continue reading

How Data Analysis Helps Rugby & IT Bosses Win

Whether it’s Rassie Erasmus, Steve Hansen, Warren Gatland or Eddie Jones devising a Rugby World Cup masterplan or an IT boss striving to provide his multi-million-pound organisation with a competitive edge, many of their decisions will be informed by data analysis.

Continue reading