cloudservuscom Apr 21, 2021 11:05:17 AM
Recently, CloudServus received a high-severity alert from the Microsoft 365 Security & Compliance Center of one of our clients: a user account had been potentially compromised and, as a result, had been restricted from sending messages outside of the organization.
As we dug further into the issue, we noticed an interesting parallel between the activity of the users involved in the situation and some of the most dangerous cyber attacks occurring today.
Here’s what happened, and why it matters for you:
In our client’s case, Microsoft’s alert was triggered by a relatively benign activity. The user – one of our client’s employees – had shared her credentials with another employee. The second employee then used her credentials to log in to another workstation at the company. When the second employee began sending messages from the additional workstation using the borrowed credentials, Defender for Office 365 flagged the activity as suspicious and blocked the user from sending outbound email.
In the end, the situation was easily resolved. Creating a shared mailbox and updating email sending procedures internally allowed the team to resume sending messages without triggering alerts (though the compromised account will have to be on its best behavior going forward!).
However, what was notable about the situation wasn’t how quickly we were able to get our client’s email accounts back up and running. It was that our client’s employees had inadvertently performed a pen test, demonstrating how effective Microsoft has become at identifying and preventing potential phishing attacks.
Viewed through another lens, our client’s behavior closely resembled the activity that would have occurred in an actual, successful phishing attack.
Though Defender for Office 365 successfully – and correctly – identified the threat and restricted the compromised account, other tools used by the client missed the issue entirely. Even though a high volume of emails was being sent with borrowed credentials, neither a well-known email hygiene product nor a ‘cutting-edge’ email encryption and security tool raised any red flags or alerts.
Our client’s experience demonstrates how effective Microsoft’s next generation of email security has become at stopping potential attacks.
You may be confident that your employees would never share logins or behave in this way, but ultimately, that’s beside the point. As phishing attacks grow more and more sophisticated and frequent every day, every business needs to be concerned about the potential repercussions associated with employee credentials being accidentally compromised.
Phishing attacks nearly doubled in frequency from 2019 to 2020, according to FBI data. What this phenomenal win proves is that Microsoft 365 and Defender for Office 365 are two of the best tools you can have on your side when it comes to protecting your business’s most sensitive data.
Want to learn more? You may already own the rights to some of the security tools mentioned here. A Cloud Security Assessment with the CloudServus team will review your current security posture, provide a detailed Executive Report deliverable, and provide actionable next steps for remediation. Contact us today for more information.