Whaling Attack

Office 365 Email Security – The Hidden Costs

You’ve made the big decision to migrate to Microsoft Office 365. Its array of cloud collaboration makes this a great decision. Yet at the same time, Microsoft is also pitching Office 365 as a way to consolidate your security, compliance, and e-discovery platforms. It is promising advanced threat protection, data protection, and an online archive that’s all about privacy and meeting robust data-retention requirements. And it’s all included. How can you turn down that offer?

On the surface, the prospect of free security for your Office 365 deployment seems promising. Why spend more money on third-party email security or archiving when it comes as part of your Office 365 license? Maybe fresh memories about the data loss prevention (DLP) initiative that never really got off the ground has you questioning whether you really need robust capabilities to protect your sensitive assets.

At a deeper level, you may be asking yourself: “Aren’t all email security solutions pretty much the same?”

If it were only that simple. Free Microsoft Office365 security may be fine for certain purposes. But it may end up causing more problems and costing more than you bargained for. Not all advanced threat, email security, or archive solutions are created equal.

Consider the childhood story of The Three Little Pigs. In concept, the straw house and the brick house might seem comparable. They both have walls, a roof, and a door. But when the wolf huffed and puffed, only one of them withstood the gusts.

When it comes to truly comprehensive security for Office365, Microsoft’s native security and compliance offerings cannot compare with the enhanced protection of an advanced email security solution like Spambrella.

Make Email Security for Office 365 a Top Priority

Phishing was first recorded as a term on January 2, 1996. Twenty years later, it has morphed into a highly sophisticated attack used to steal funds and valuable information. Today’s phishing is multi-layered. It evades many conventional defenses. The attacks can be broad-based or highly targeted. Many use malware, but others don’t. Cyber criminals even deliver phishing email through legitimate marketing services to get past spam filters and other defenses. No wonder 91% of targeted attacks start with email.

Today’s creative attackers use automated tools to mine information about their targets from social media profiles, which are often public. That means attackers know where you work. They know your role, interests, hobbies, marital status, employment history, and more. Attackers use these details to craft a convincing email message to get you to click on a malicious URL or attachment. Once you click, a malicious payload drops on your system.

But, beyond the tactics you’re likely familiar with, a new technique has emerged as a serious threat: business email compromise (BEC). BEC attacks are spoofed emails from someone posing as an authority figure: a CEO, for example, that ask a colleague, such as a staff accountant, to wire funds. Recipients, thinking that they’re acting on behalf of a manager, send the funds or information—you guessed it—straight to the cybercriminal impostor. But BEC doesn’t stop at fraudulent transfers. The attackers are also tricking recipients into sending PII, payroll information, and more.

Regardless of their tactics, phishing attacks are highly successful. The SANS Institute reports that 95% of network attacks result from spear phishing. Clearly you need the controls to secure business email security perimeters with the strongest defense possible.

How does this relate to your Office 365 migration? The heart of Office 365 is Microsoft Exchange Online email. In a number of areas, Office 365’s built-in security, compliance, and archiving capabilities don’t meet the needs of enterprise-class organizations.

Too little email protection can lead to costly breaches that taint your brand, damage your reputation and hurt your bottom line. That’s why a strong defense for Office 365 email matters.

You can’t respond to what you can’t see

If your email gateway doesn’t provide the right insight and deep, detailed reporting, you can’t discover and respond to indicators of compromise (IoCs) effectively. You’re left searching for the proverbial needle in the haystack.

Blocking threats at the gateway gives you two critical advantages. First, you glean insights about the whole attack, not just the final stages of the attack, when it has reached your network. And by catching threats at the gateway, you can stop them before they have compromised your environment.

Fragmented data loss prevention decreases your chance of success

Basic data loss prevention (DLP) features are another part of the core Office 365 offering. Already viewed dubiously among many C-level executives, DLP has been known more for its failures than success.

DLP deployments have roughly a 20% success rate, even with immense resource allocation. The likelihood of success is further eroded by single-channel (typically email) point DLP approach. Juggling multiple sets of policies, incident queues, and enforcement tools is not an effective way towards a successful information protection practice.

Archiving must be defensible and e-discovery ready

In the same way that you want to ensure that malicious content is kept out of your organization, you also want to ensure that you can retain and archive business-relevant content in a way that’s legally defensible. And you’ll want to be able to meet your e-discovery obligations quickly, cost-effectively and defensibly. Complying with archiving and e-discovery rules is about more than just storing unprotected data within the Office 365 ecosystem. It’s about email, social media, enterprise collaboration (such as Yammer), and even data stored on users’ laptops. Choosing the lowest-cost archive to save some money upfront can wind up costing more in the long run through penalties and higher litigation readiness costs.

Unanticipated email outages can have huge business impact

Today’s business depends on reliable email access. An unexpected outage could have costly consequences. That’s why ensuring around-the-clock access to business-critical email is critical. Any business in the modern age requires a DR email continuity service in place.

Calculating the Hidden Costs of Bundled Security

More often than not, bundled goods may also create significant and sometimes hidden costs with both short-term and long-term consequences. The old adage “You get what you pay for” certainly applies to Microsoft’s security offerings. Lack of adequate security for your Office 365 deployment could cost you time, information, money, and even your reputation.

For security teams

Security has always been a tough job. Today’s advanced threats make it even tougher. As compliance regulations push security up to the board level, the conversation is not just about efficacy. It’s about having the visibility to understand what threats are targeting your business. Not having the visibility and insights that you need to address security issues at an organization level can result in significant lost time.

According to Ponemon Institute, the biggest financial consequence to organizations that experienced a data breach is lost business. These costs can vary widely based on the quantity and type of assets lost.

For IT departments

If you’re an IT administrator, consider the costs of outages and support.

Forrester Research cites availability as one of the top challenges organizations face with Office365 email. According the most recent industry calculations, the overall cost of an outage is about $5,600 per minute, or more than $300,000 per hour.

Information protection

Breach statistics are staggering across all sectors. Enterprises are always at risk of data loss. Malicious insiders can leak it, external bad actors steal it, and even well-intentioned employees may unknowingly expose vital company assets. The U.S. government suffered 61,000 cybersecurity breaches in 2014 alone. 91% of healthcare organizations have experienced at least one breach over the past two years according to the Identity Theft Resource Center.

Take business email compromise (BEC), which has escalated beyond financial fraud. The spoofers have duped legal departments into sending out sensitive information. They have tricked human resources staff into sending W-2 forms.

Concern about the liability stemming from data breaches has made security a boardroom issue. With this in mind, you need to look at Office 365 security with a critical eye. Review its ability to find sensitive data (including multiple file types), resolve issues across all channels, and enforce and report policy issues.

Applying policies to outbound mail, with the workflow to manage incidences serve as an important layer of security, not just compliance.

Here are some specific questions to ask:

  • Can you detect sensitive data across the breadth of file types that may contain sensitive information?
  • Can you quickly identify what content triggered a policy alert?
  • Do you have an incident response workflow in place to remediate the situation?
  • Does your automated response enable remediation across multiple channels, including email, file share, and Microsoft
    SharePoint sites? Do you need a separate DLP solution to reduce the attack surface across each of these channels?
  • Where do you need DLP coverage? If you need DLP beyond email, how much effort is required to keep policies
    consistent and get a consistent reporting across multiple DLP tools?
  • When sensitive data is detected, how is encryption handled? What type of granularity do you have to revoke messages
    to the wrong recipient? What percentage of encrypted emails do you anticipate to be viewed from mobile devices?
    What is the recipient experience?

Anti-Phishing Protection