Security and compliance are suddenly higher up on organisations’ agenda than ever before, and it’s not surprising. The main trends in the period between October 2018 and April 2019 highlighted five main areas of vulnerability: Office 365, ransomware, phishing, vulnerability scanning and supply chain attacks.
There has been significant use of tools and scripts to try to guess users’ passwords, and this has almost become the daily norm for Office 365 deployments, with attacks now being mounted at scale across the internet without the attacker ever having a foothold within the corporate infrastructure.
A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange could be compromised, as well as any third-party services an enterprise has linked to Azure AD.
The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result can make it much harder for IT security teams to spot.
In most cases, attackers aren’t after just one specific account, and using this method can target many accounts in one organisation without raising any security suspicion.
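Because no single account reaches its lockout limit, spraying shows up only when failed sign-ins are grouped by source rather than by account. The following is an added example, not code from the original article: the log format, the thresholds and the function names `parse` and `find_spraying` are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (timestamp, source IP, account, outcome); not real data.
SAMPLE_LOG = """\
2019-03-01T02:00:11 203.0.113.7 alice@example.com FAIL
2019-03-01T02:05:42 203.0.113.7 bob@example.com FAIL
2019-03-01T02:11:03 203.0.113.7 carol@example.com FAIL
2019-03-01T02:16:30 203.0.113.7 dave@example.com FAIL
2019-03-01T02:21:57 203.0.113.7 erin@example.com OK
2019-03-01T09:00:05 198.51.100.20 frank@example.com FAIL
2019-03-01T09:00:20 198.51.100.20 frank@example.com FAIL
2019-03-01T09:00:41 198.51.100.20 frank@example.com OK
"""

def parse(log_text):
    """Yield (timestamp, source_ip, account, outcome) tuples from the assumed format."""
    for line in log_text.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def find_spraying(log_text, min_accounts=4, max_fails_per_account=2,
                  window=timedelta(hours=24)):
    """Flag sources that fail against many accounts while staying under
    the per-account lockout limit (thresholds are illustrative assumptions)."""
    by_ip = defaultdict(list)
    for event in parse(log_text):
        by_ip[event[1]].append(event)
    findings = []
    for ip, events in by_ip.items():
        events.sort()
        # One long window from the source's first event, since spraying is
        # spread over time; a production rule would slide this window.
        start = events[0][0]
        recent = [e for e in events if e[0] - start <= window]
        fails = defaultdict(int)
        for _, _, user, outcome in recent:
            if outcome == "FAIL":
                fails[user] += 1
        if len(fails) >= min_accounts and max(fails.values()) <= max_fails_per_account:
            # A success from the same source marks an account to reset first.
            hits = sorted({u for _, _, u, o in recent if o == "OK"})
            findings.append({"source": ip, "accounts_tried": len(fails),
                             "successful_logins": hits})
    return findings

if __name__ == "__main__":
    for finding in find_spraying(SAMPLE_LOG):
        print(finding)
```

The second source in the sample, a single user mistyping a password twice, is not flagged because it touches only one account.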
A recent report stated that 60% of Office 365 and G Suite tenants were targeted with IMAP-based password-spraying attacks. However, it’s important to note that G Suite administrators can disable IMAP connectivity, mitigating the risk to their G Suite users.
On a smaller scale, we have also seen credential stuffing. This takes pairs of usernames and passwords from leaked data sets and tries them against other services, such as Office 365. This is difficult to detect in logs as an attacker may only need a single attempt to successfully log in if the stolen details match those of the user’s Office 365 account.
Similarly to password spraying, this targeted method can be combatted by disabling IMAP connectivity within G Suite.
Ransomware attacks prevent organisations from using their computers or accessing their data, typically by encrypting files and folders. Once this hold is in place, the hackers request payment to release the organisation’s data and allow them to get back to work.
It’s important to note, however, that no Google file formats can be affected by this as they are not traditional files like Word or Excel – they are in fact web files with no physical storage location. This means that organisations that use G Suite and store their files within Google Drive are instantly protected from ransomware attacks without having to shell out huge amounts of money on additional security products.
Gmail has long been the standard-bearer for email security and compliance, from anti-phishing to high levels of spam protection for users. For the most part, this has covered both consumer and G Suite users.
Confidential Mode – users can help protect sensitive information from unauthorised access using Gmail confidential mode. Recipients of messages in confidential mode don’t have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.
Data Loss Prevention (DLP) – analyses the files in your organization’s Team Drives for sensitive content. You can set up policy-based actions that will be triggered when any sensitive content is detected.
Gmail Security Sandbox – a sandbox detects the presence of previously unknown malware in attachments by virtually “executing” them in a private, secure sandbox environment, and analysing the side effects on the operating system to determine malicious behaviour.
Invest in Staff Training
All businesses need to be proactive in training their staff for GDPR. When new staff members come on board, they should receive data management training, and all members of the team should understand how your business specifically uses data.
Allied to that, IT partners such as Cobry should be engaged to teach best practice within the organisation through organised training sessions, either in person or through webinars.
Using 2-Step Verification (2SV)
2-Step Verification is one of the most effective ways to protect yourself from being hacked.
There are multiple 2SV methods, including SMS Text, Google Prompts on mobile devices, and physical USB Security Keys.
Using 2SV provides users with a better option to secure their accounts. As well as 2SV over an encrypted connection, users can also block unauthorised access to their accounts with Google Prompt, which delivers real-time prompts telling the user when they have logged into another device.
This update comes through as a pop-up notification on the Google app. This allows users to answer “yes” or “no” when asked, “are you logging in?”
Allied to that, additional control can be gained from deploying Cloud Identity.