During the shift to Microsoft/Office 365, pre, but mainly post COVID19 – due to the urgency of remote working, security was and has been – unfortunately - over looked in same areas.
Now is the time to address these risks – on your own terms – rather than the terms from a threat actor at 9am Monday morning looking at an encrypted system.
Single Sign on – Know the risks involved!
Many organisations are turning to single sign on to provide a smooth and seemly authentication experience – and while this is a great feature, it also poses a great security risk – As the same credentials of a compromised email account, now provides a threat actor with the ability to sign in to any cloud application, or connect using VPN or connect using Remote Desktop Services – all with valid credentials.
Microsoft/Office 365 inter-connected
With a simple compromised email account credentials, the threat actor can now login not only to email, but also Teams, SharePoint, OneDrive – the entire suite of Office 365 and Microsoft 365 – Run searches, send emails, download content – basically have a great time!
While traditionally attacks (crypto/ransomware) are little more difficult in this environment, the potential for data theft, corporate espionage and spying increase dramatically – having professional being called in on a case recently!
Inter-Connected Risks
If a mailbox is compromised, not only the mailbox is vulnerable – but also Teams, SharePoint and one drive files - Which can all be accessed, viewed and downloaded - very easily and simply by a threat actor – often scripted (Drive by download based on keyword search across O365).
On the other hand, with single sign on, now your VPN and Remote Desktop Services are also vulnerable – Opening up the possibility to crypto/ransomware and other direct attacks on your on-prem files, applications and desktop machines.
Things to Consider
- MFA - Multi Factor Authentication - This is by fast the biggest way you can help protect suchs problems - While O365 supports it, Does your VPN/RDS?
- Cyber Insurance – the cost of a cyber incident can be substantial – Get good professional advice.
- Use the available tools - Microsoft/Office 365 comes with tools regardless of plan – just the feature set changes with subscription - Increase your knowledge and training
- Security is ever evolving, just as our platforms and technology is. If you lack knowledge in something, you need education – Even if it is the basics.
- Use trusted advisors and professional experts to assist you, increase your knowledge
- Always Review your plans and polices, develop new ones if required
While the cloud provides some great technology, services and functions with its ability to interconnect – that interconnected ability can also be a weak point in your security plans if overlooked.
You must protect against these threats and risks – Sometimes its going to be an additional month cost in your subscription costs for an Azure P1 subscription – You will need weight the cost against the risks of such persistent threats and the potential damage to the organisation should an advanced threat (such as wire fraud or impersonation) occur.
MFA - Multi-Factor Authentication
If you do not have it on for every user in your organisation - This week is a great week to start rolling that out!
This is by far one of the best things you can do to protect your cloud based services, but do not forget your single-sign-on connected applications , VPN, Remote Desktop Services, etc!
In Summary...
Handing such matters are always best done when you have the time to do them, and have the ability to control the situation, do not leave it until you have been compromised!
Schedule your own Security Check this week with your IT Team, Get advice from trusted advisors and review your plans, polices and procedures when it comes to cyber security.
