COMMENT
The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, is constantly evolving. Recent incidents involving major technology and cybersecurity companies highlight a critical reality: Understanding security best practices for Microsoft 365 is different than implementing them effectively.
Kaspersky reports that 2023 saw a 53% increase in cyber threats that target documents, including Microsoft Office documents, on a daily basis. Attackers tended to use riskier strategies, such as breaking into systems covertly through backdoors. In one case, a non-production test account lacking multi-factor authentication (2FA/MFA) was exploited, while in another, a backdoor was added to a file, resulting in a supply chain attack.
These incidents serve as a stark reminder that even low-risk accounts and trusted updates within Microsoft 365 can become vectors for security breaches if they are not properly protected and monitored. Despite organizations’ deep experience, those targeted have fallen victim to advanced cyberattacks, underscoring the critical need for diligent enforcement of security measures across Microsoft 365.
The role of artificial intelligence in governance
Artificial intelligence (AI) has grown tremendously in recent years and can now be found in almost every aspect of technology. In this transformative era of artificial intelligence and large language models (LLMs), advanced AI models can be leveraged to improve cloud security measures. AI is well on its way to becoming standard practice, and organizations have no choice but to embrace it. By optimizing AI algorithms for expert domain knowledge, AI can provide organizations with actionable insights and predictive capabilities to proactively identify and address potential security threats before they become a problem. These types of proactive strategies allow organizations to safeguard their digital assets effectively.
On the other hand, AI also increases the need for greater security in the cloud. Just as the “good guys” use AI to advance technological practices, hackers also use AI to discover new organizational vulnerabilities and develop more sophisticated attacks. Open source LLM templates available on the Internet can be exploited to create and execute very complex attacks, and also to improve exercises for the red team and the blue team. Whether used for good or ill, AI plays a significant role in cybersecurity today, and organizations need to understand both sides of its implications.
Three ways to increase your confidence
As digital threats become increasingly sophisticated and the ripple effects of a single breach can impact multiple organizations, the need for vigilance, proactive security management and continuous monitoring within Microsoft 365 is greater than ever.
One way to do this is to check access control policies everywhere. Orphan items can become treasures for cybercriminals. For example, a salesperson should be able to access everything related to sales, including email, SharePoint, OneDrive, and more. However, if that person leaves the company and these items are not tracked, they will often go unattended. Access control policies for items containing valuable data must be periodically audited and updated.
Additionally, it is critical to review delegations and manage permissions consistently. Delegation of authentication credentials is essential for onboarding new programs or employees, but it doesn’t stop there. These delegations need to be regularly monitored and reviewed over time. Likewise, separation of duties and diversions is equally essential to ensure that no individual is given too much control. Organizations often have too many permissions or outdated delegations, which can increase the risk of cybersecurity issues. Companies should try to focus on the capabilities of a single operator and limit permissions as much as possible. A strong focus on delegation and separation of duties will further improve accountability and transparency.
Maintaining control over your cloud environment is another imperative. Solutions that support cloud governance can help enforce strong security policies and streamline management processes. If you choose to partner with a cloud governance provider, be selective as your partner will hold the keys to your most valuable assets. Security should always be seen as a multi-layered approach; the more layers you add, the better. The key is to create layers that can be effective and balanced to achieve better governance without impacting productivity or processes.
Based on the alarming number of security breaches targeting Microsoft 365, it’s clear that the old way of doing things needs to change. Gone are the days when simple antivirus software did the job; technology has undergone a complete paradigm shift and, therefore, our defenses also need significant overhauls.
Implementing rigorous security measures, conducting regular audits, and maintaining governance can significantly strengthen an organization’s defense against cyber threats. By remaining vigilant and proactive, you can mitigate security risks and safeguard critical data from potential breaches before they cause harm to you or your customers.