It’s no surprise that Office 365 has become the most widely-used cloud service in the world: Users love that it’s convenient, accessible from anywhere, on any device, at any time and IT loves it because there is no updating, patching or hardware concerns. But recent reports from Skyhigh Networks and Microsoft’s own Security Intelligence Report for Q1 2017 show exactly why IT teams need to be concerned about the growth of Office 365 and an alarming increase in credential-based attacks.
Why attack Office 365?
According to Skyhigh, almost 60% of sensitive data stored in the cloud is stored in Office documents. Think about Excel spreadsheets, Word documents, PowerPoint files and pdf documents many of which pass through email on a daily basis. If your multi-factor authentication solution uses email to enroll users, reset passwords, send one-time passcodes, and more, you are even more vulnerable to attack.
What does the Microsoft Security Intelligence Report for Q1 2017 tell us?
Attackers have found a new favorite target: In the first 3 months of 2017, Microsoft cloud-based user accounts saw a 300% increase in attacks over the previous year. At the same time, the number of account sign-ins attempted from malicious IP addresses increased by 44% year over year
Why should we trust these numbers? Every month Microsoft scans 400 billion emails for phishing and malware, processes 450 billion authentications, and executes 18+ billion web page scans. They own the platform, they monitor it, and they are telling us that we need to better protect it!
How do attackers get in?
Often by walking the front door with stolen credentials. According to Microsoft’s own numbers, the majority of compromises are the result of weak, guessable passwords, followed by targeted phishing attacks, and then breaches of third-party services.
As breached sites and phished passwords increase, attackers reuse the stolen credentials on multiple services. It’s sad to report in 2016 that the most common passwords include "123456", "qwerty" and “111111". Scouring 10 million passwords leaked in data breaches, predictably the most popular passwords include variations of "123456" and "qwerty", as well as "password" and "google".
What can I do to increase Office 365 protection?
The first thing users can do is create a unique password for every site and never reuse passwords across multiple sites. But users are still vulnerable to phishing attacks regardless of how strong and uncommon a password can get. Multi-factor authentication (MFA) is another popular protection mechanism to protect beyond the password. According to a study of IT decision-makers by Wakefield Research in late 2016, on average 56% of resources were protected by MFA, meaning 44% were protected by a password or nothing at all. But MFA is not an end all be all security solution. Many attackers can now bypass some popular MFA methods, and the list continues to grow. Sadly, attackers consistently figure out new ways around protective measures we take.
The best approach to protecting Office 365 – Adaptive Authentication
SecureAuth adaptive access control for Office 365 provides the greatest protection against credential-based attacks while providing the best user experience. Multiple pre-authentication risk checks, adaptive authentication, coupled with multi-factor authentication (MFA) provide a layered defense nearly impossible to penetrate, even with compromised credentials. Additionally, the threat data collected via the multiple risk checks can be shared with the SIEM or SOC for correlation with other threat data to help pinpoint identity-based threats in a sea of alerts and potential problems.
Moreover, instead of interrupting users for an MFA step at every access request, SecureAuth’s adaptive authentication enables access for low-risk requests without an MFA step, requires MFA for medium-risk attempts, and denies or redirects high-risk request.
The bottom line…
As Office 365 becomes more and more popular, it will draw more and more attackers. Password-only protection is simply not enough to stop today’s cyber attackers and MFA may not provide the protection needed to keep your organization from becoming the next public breach. Adaptive authentication provides the layered defense and least user disruptions to both protect and keep users happy. Learn how at www.secureauth.com/O365.