Ultima combats climate change in partnership with Ecologi06/09/2022
Tech: why it might be your kryptonite07/09/2022
The most targeted platform in the world demands the best email security.
Email is the most universal communication tool for businesses and more than 300 million users depend on Microsoft 365 for email, so it’s unsurprising that 94% of all attacks start with email.
Hackers have evolved their methods of attack- they’re attacking at the perimeter and targeting people inside the organisation, using social engineering to dupe employees, amplifying the attack’s impact by spreading internally, and stealing domains and brands to attack customers, employees, and broader supply chains.
For organisations who rely on Microsoft 365, you should consider the below factors:
- How prepared is your organisation to deflect highly targeted phishing attacks?
- Are you confident in your safeguards against spoofing, lookalikes and other forms of email and website impersonation?
- Do your spam filters leave you vulnerable to permanent loss of important business correspondence?
- Is your message encryption reliable and consistent but also user friendly?
- Does your security reporting system provide you with more than just the basic details? You need to be able to take in the big picture, so no attack pattern is overlooked.
However, preventing or limiting the consequences of an attack calls for more than enhanced email security. Preventive measures need to be part of a larger strategy of cyber resilience that embraces backup and recovery, business continuity and compliance, as well as the ability to identify and block threats that originate on the web.
What about Microsoft 365 security?
Microsoft 365 for email does come with an extensive set of protective mechanisms, however many organisations will require a greater degree of control, resilience, and more extensive protections than Microsoft’s productivity suite can provide.
For instance, the Advanced Threat Protection (ATP) security service offering for E5-level subscribers provides a degree of protection against malicious URLs, phishing messages and attachments. But it doesn’t actively scan all email content for such threats, and its Safe Attachments feature relies entirely on sandboxing to detect malware. Other, more sophisticated techniques, such as deep content inspection, static analysis, and multi-stage threat analysis, are not used, potentially leaving your organisation at risk.
Defence in depth
We would recommend operating ‘defence in depth’, a layered approach to cybersecurity. When used in conjunction with the native security features of Microsoft 365 this will provide a much greater degree of cyber resilience.
With this strategy, if one security control proves ineffective others are already in place to fill the breach. Some of the key elements of a defence in depth strategy include:
- Anti-malware to guard against viruses, spyware and other types of malevolent software. The best of these programmes go beyond signature-based detection and include heuristic features that scan for suspicious patterns and activity.
- Network security controls to restrict data and network access. Typically, these are based on an analysis of a network’s traffic patterns and used to configure firewalls and intrusion protection systems.
- Data integrity analysis software to spot any data file inconsistencies. Incoming files with discrepancies can be flagged as suspicious- especially when they come from an unfamiliar source.
- Network behavioural analysis software that picks up where firewalls and intrusion protection programmes leave off. By identifying aberrant user and network traffic patterns, NBA applications can spot any suspicious activity and take remedial action.
By deploying solutions from third parties to shore up the native security of Microsoft 365, you will benefit from much more advanced features, alongside avoiding a security monoculture and making it harder for cybercriminals to penetrate defences.
Mimecast’s approach to email security is known as Email Security 3.0. Coupled with the Mimecast resilience extensions for data protection, back-up recovery and continuity, Mimecast helps more than 20,000 Microsoft 365 customers to restore trust in their email.
Ultima are a Mimecast Premier Partner, having worked together for a number of years delivering cloud-based email security, archiving and continuity solutions for Exchange & Office 365. Ultima also hold Gold Partner status with Microsoft, making us the ideal partner to advise your organisation.