Office365 is Microsoft’s fastest-growing product. A staple for individuals and organisations alike, the SaaS offering has dominated the productivity space, with more than 258 million users and 75 million Team users. Covid-19 has significantly accelerated the adoption of Office365 across the globe. As a result, organisations are exposed to new cyber threats and challenges that they may not be prepared or aware of.
For many users, Office365 is the core of enterprise data sharing, storage, and communication. It is therefore no surprise that it has become a prime target for cyber attackers. With its ecosystem of programs, Office365 account takeover has become the largest security threat vector in the cloud, beating email compromise.
- Takeovers cost an estimated $6.5-$7 billion in losses across multiple industries
- Between 2018-2020, there’s been a 98% rise in compromised credentials to accounts
- 99% of cloud security failures are in the customer’s portion of the responsibility model
- 56% of breaches are taking months or longer to discover
Thanks to Vectra, the entire Office 365 ecosystem can be protected against data breaches. Cognito Detect sees threats emerging from the cloud in real-time and stops them in their tracks. Users can identify threats across the entire network, tying together attacker activities and progression between cloud, hybrid, and on-prem environments.
For their recent Spotlight report, Vectra was able to observe 4 million Office365 accounts over a 90 day period. They were able to identify suspicious high-risk behaviours associated with attacker techniques exploiting built-in Office 365 capabilities.
Lateral movement is the most common type of suspicious behaviour (the techniques attackers use to move through a network in search of key data), closely followed by command-and-control communication.
- 96% of customers sampled exhibited lateral movement behaviours
- 71% of customers samples exhibited suspicious Office365 Power Automate behaviours
- 56% of customers samples exhibited suspicious Office365 eDiscover behaviours
Attackers live off the land using legitimate Office365 tools and features to remain hidden and bypass security controls. Cognito Detect puts an end to Office365 account takeovers by understanding attacker behaviours and account privilege.
Crucially, Vectra can help you to identify and remediate any threats within Office365 in real time. Please get in touch today if you would like to find out more, and one of our friendly experts would be more than happy to walk you through the process.
