Security & compliance is higher up on organisations' agenda than ever before and it’s not surprising. The five main trends identified by the National Cyber Security Centre in the period between October 2018 and April 2019 highlighted 5 main areas of vulnerability.
Incident trends
There has been significant use of tools and scripts to try and guess users’ passwords. This has almost become the daily norm for Office 365 deployments with attacks now being mounted at scale across the Internet without ever having a foothold within the corporate infrastructure.
A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange can be compromised, as well as any third-party services an enterprise has linked to Azure AD.
Password spraying
The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. In most cases, attackers aren’t after just one specific account. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result this can make it much harder for IT security teams to spot them.
A recent report stated that 60% of Office 365 and G Suite tenants were targeted with IMAP-based password-spraying attacks. However, it's important to note that G Suite administrators can disable IMAP connectivity, mitigating the risk to their G Suite users.
Credential stuffing
On a smaller scale, we have also seen credential stuffing. This takes pairs of usernames and passwords from leaked data sets and tries them against other services, such as Office 365.
This is difficult to detect in logs as an attacker may only need a single attempt to successfully log in if the stolen details match those of the user's Office 365 account.
Similarly to password spraying, this targeted method can be combatted by disabling IMAP connectivity within G Suite.
Ransomware
Ransomware attacks prevent organisations from using their computers or accessing their data, typically by encrypting files and folders. Once this hold is in place, the hackers request payment to release the organisation’s data and allow them to get back to work.
It’s important to note, however, that no Google file formats can be affected by this as they are not traditional files like Word or Excel, they are in fact web files with no physical storage location. This means that organisations that use G Suite and store their files within Google Drive are instantly protected from ransomware attacks without having to shell out huge amounts of money on additional security products.
Email Protection
Gmail has long since been the standard-bearer for security & compliance around email through anti-phishing measures and high levels of spam protection for users. This has covered for the most part both consumer and G Suite users.
Confidential Mode - users can help protect sensitive information from unauthorised access using Gmail confidential mode. Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.
Data Loss Prevention (DLP) - analyses the files in your organization’s Team Drives for sensitive content. You can set up policy-based actions that will be triggered when any sensitive content is detected.
Gmail Security Sandbox - a sandbox detects the presence of previously unknown malware in attachments by virtually "executing" them in a private, secure sandbox environment, and analyzing the side effects on the operating system to determine malicious behaviour.
Staff Training
All businesses need to be proactive in training their staff for GDPR. When new staff members come on board, they should receive data management training, and all members of the team should understand how your business specifically uses data.
Allied to that, IT partners such as Cobry should be engaged to teach best practices within the organisation through training sessions, either in person or through webinars.
2SV
One of the most effective ways to protect yourself from being hacked is 2SV.
There are multiple 2SV methods, including SMS Text, Google Prompts on mobile devices, and physical USB Security Keys.
Using 2-Step Verification (2SV) provides users with a better option to secure their accounts. As well as 2SV over an encrypted connection, users can also block unauthorised access to their accounts with Google Prompt which delivers real-time prompts, telling the user when they have logged into another device.
This update comes through as a pop-up notification on the Google app. This allows users to answer “yes” or “no” when asked, “are you logging in?”
Allied to that, additional control can be gained from deploying Cloud Identity. For full details please click here.
How Cobry Helps
One of the most comforting services Cobry offers is a full Security & Compliance Review.
This can give you valuable insight into your organisation's security & compliance setup. You can find out more here, and you can also get in touch via the button below.
