Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Microsoft 365 Is Wildly Successful and Profoundly Vulnerable – Here’s Why

Microsoft 365 has been adopted and used at an enormous rate and now powers 600,000 companies in the United States alone.

Also enormous? The 78% of Microsoft 365 administrators who reported successful security breaches, citing email phishing as the leading cause.

Cloud inboxes are simply more vulnerable than on-premises email platforms. But enterprises using Microsoft 365 consistently report higher levels of successful phishing attacks.

Related: Secure Email Gateways Cost $3B Last Year – Phishing Attacks Are Still Evading Them

Why Microsoft 365?

What makes Microsoft 365 uniquely vulnerable to phishing and scams?

  • Its native security has a 16% false negative rate for spam and phishing emails, according to Mimecast.

  • If a scammer uses a spoofed/lookalike/soundalike domain that doesn’t exactly match your domain name, Microsoft 365 won’t flag the activity. It also won’t flag spoofed domains for your business partners or even well-known brands. “Saleforce.com” will still go through.

  • Microsoft 365 uses static blacklists when scanning URLs for threats. Meanwhile phishing sites can have short life spans, even just a few hours. Analyzing each site in real time is a far stronger form of prevention.

  • And Microsoft 365 has features such as Safe Attachments, which uses virtual sandboxing to scan attachments in an email. But sophisticated threats require deeper inspection of embedded documents and code.

A Workaround

If you’re otherwise happy with Microsoft 365, explore an inner layer of email security called Inbox Detection and Response (IDR). While the trusty Secure Email Gateway filters spam and known threats, it can’t detect sophisticated email attacks, like account takeovers, phishing, spearphishing, and Business Email Compromise (BEC).

IDR solutions hook into cloud inboxes, continuously scan all inbound and outbound emails in all folders​, and follow links. They check URLs’ favicons, logos, site maps, domain owners, and security certificates — all indicators that help flag, “Is this a valid email or a threat?”

When threats are uncovered, IDR solutions can also automatically delete every copy across every mailbox. Automatic remediation massively reduces the “window of vulnerability” caused by malicious emails lingering for lengthy periods within the reach of users.

Enter Cyren Inbox Security

Cyren Inbox Security was built to safeguard each and every Microsoft 365 mailbox in your organization. It is a continuous and automated layer of security right in the user mailbox:

  • Persistently rescans inbound, outbound and delivered emails in all folders

  • Reduces investigative overhead with automated incident and case management workflows

  • A seamless mailbox plugin lets users scan and report suspicious emails

Our threat visibility is unsurpassed. Cyren’s global security cloud processes 25 billion email and web security transactions every day; identifies 9 new threats and blocks over 3,000 known threats each second.

Ready to play with Cyren Inbox Security for Microsoft 365? Start a 30-day trial, no credit card needed

Jun 23, 2020 | Security Research & Analysis

You might also like

Phishing with QR codes

,

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...