February 2018 - Why Microsoft Office 365 Subscribers Still Need Email Security
by Brad Rudisail, Networking Consultant, MCSE, and IT Leader
Microsoft Office 365 is probably the most prevalent example of enterprise cloud services today, boasting 100 million users as of April 2017. According to a national survey in November of last year, 53% of organizations are using Office 365 in some capacity and another 17% plan to adapt it within the next two years. This popularity is attributed to the level of agility, redundancy and scalability that Office 365 offers that traditional on premise email server platforms cannot deliver for small and medium size businesses. Office 365 also eliminates headaches for your IT department such as upgrades and email migrations that must be conducted every few years or so. It also alleviates the mundane tasks of patching and updating because like most SaaS offerings, users get the most up-to-date version of Office 365 each and every day. Office 365 also eliminates many software-licensing issues among your many users. The most important question however is, does Office 365 include all of the email security I need?
Why Email Security is so Vital?
Email is probably your greatest vulnerability when it comes to security threats. Here are some statistics...
• According to the SANS Institute, email is the most common intrusion vector for organizations today.
• In their 2017 Data Breach Investigations Report, Verizon states “across industries, email is the road
most traveled to deliver malware into organizations.”
• According to an article in InfoSecurity Magazine last year, 76% of ransomware attacks start with a
• According to the FBI, Business Email Compromises (BEC) involved 22,000 victims and losses of
$1.5 billion in the U.S. alone. Globally, the numbers swell to 40,000 victims and $5.3 billion in losses.
A single ransomware attack can bring down your business operations for days if not weeks. Consider the case of healthcare transcription giant, Nuance Communications, which had basic operations disrupted for weeks because of the NotPetya attack last summer. A single BEC attack can result in catastrophic losses such as a BEC scam that Ubiquiti Networks experienced in 2015 in which cybercriminals stole $46.7 million.
Why Office 365 Subscribers Need a Supplemental Email Security Solution
With all of Office 365’s many features, it is no wonder that it is the #1 email platform in the market today. But besides attracting the attention of millions of subscribers, it also attracts the attention of the cybercriminal community. With so many users and organizations using the same email cloud service, hackers can concentrate their resources and time to circumvent the defenses of Office 365. Just as Office 365 provides scalability to its subscribers, it provides phishing criminals with the ability to scale their efforts as well and focus on a single platform to discover weaknesses and exploits. It's easy to do so when they can simply use Office 365 themselves and then use their own accounts to test and research just how Microsoft security functions and how they can exploit security lapses for their purposes.
It seems that companies are becoming aware of this issue because 70% percent of active Office 365 users report significant concerns about advanced threats. As a result, many enterprises are indeed turning to third party solutions to enhance the security of their Office 365 hosted email accounts. According to a recent Gartner report, 40% of Office 365 deployments will rely on third-party tools by 2018 in order to fill gaps and meet expected security requirements and compliance. They expect that number to rise to 50% by 2020.
Microsoft does offer an additional security package called Advanced Threat Protection which requires a higher enterprise subscription cost. You can also purchase these tools à la carte but each tool requires a separate fee. So if added security is going to cost additional money, why not acquire a third party solution to compliment your subscription?
Spotlighting some Great Solutions
Barracuda offers two cloud-based solutions to protect your Office 365 email services, providing comprehensive coverage that filters every inbound and outbound email to stop spam, viruses, data leaks, and malware. It also includes a subscription to Barracuda Advanced Threat Protection, a cloud-based service that uses a multilayered architecture with a CPU-emulation sandbox to detect and block new (zero-day) and advanced, evasive threats before they touch your deployment. For specialized protection against BEC attacks and other impersonation-based phishing attacks, you can add Barracuda Sentinel that utilizes AI to inspect your email traffic, looking for suspect anomalies that could mean some type of threat. It also provides your IT department to deliver simulated spear phishing attacks to help train users and make them more cognizant of potential email threats.
Another great alternative is to utilize the cybersecurity services of a managed services provider such as FusionONE by IntegraONE. An MSP will not only provide you with the extra security you need to protect your email communications, but can combine it with other security components as part of a multi-layer security strategy. For instance, Webroot SecureAnywhere is available in all of FusionONE’s subscription packages. This comprehensive solution provides identity theft protection, web browser protection and password protection, and a host of other security services. They can also provide insight and applicable strategies that can align with the needs of your organization.