Ponemon’s ‘Cost of a Data Breach’ Survey sponsored by IBM explains the damage of data breaches best. What is the cost of losing a file? They say $141. The average cost to an enterprise of a breach – $3.62 million. It is about 191 days on average to figure out that you have had a data breach.
Meanwhile, over 70% of O365 business users suffer at least one compromised account each month. The fact is, Office 365 applications come with some inherent vulnerabilities, especially when admins do not follow proper security measures, and rely entirely on non-Office 365-specific security solutions.
The best defense is stopping breaches before they happen. Finding and retaining trusted IT talent is a critical security component. “An IT study says over 50% of the data breaches are because we did not configure things correctly. That leads to the two poor IT people in the basement who have to do everything. Alternatively, we had to give out global administrative rights to 167 people and just pray they do not press the wrong button,” said Matt Smith, CoreView Solutions Architect.
Stop Breaches by Thoroughly Understanding Your O365 Tenant
From a prevention standpoint, CoreView takes the signals that Microsoft provides and greatly enriches them. For instance, CoreView has a global suspicious sign-in attempt map showing not only what IP address hackers were attacking from and failed, but also what accounts they went after. It also shows if the configuration included multi-factor authentication or not, and whether or not conditional access policies were effective for a specific attempt. Finally, it details the end-result of the sign-in attempt.
While there are plenty of Office 365-focused attacks, there are also many common areas of exposure that are regularly tested by hackers, including poor email practices, lack of attention to data loss/leakage, cloud storage, and more. Smart Microsoft IT pros take pains to address both concerns.
Meanwhile, hackers are smart enough to know that Office 365 admins hold the keys to the kingdom, and increasingly attempt to crack these high-level accounts.