Sujatha Narasimhan, Senior Sales Engineer at Mimecast, tells us about the importance of a workplace security strategy. She breaks down the security limitations of Microsoft 365, describes how to build email security and explains how to defend a business’s critical data and information from hackers and other cybersecurity threats.
Over 90% of all cyberattacks start with email. Why is email the number one attack vector?
Email stands out as a universally valuable tool for all businesses irrespective of the industry. Clearly, there is a huge volume of data contained within email transactions. And as data proliferates, so does the probability of risk, especially with widespread tool adoption. This aligns with our annual State of Email Security Report which reveals that corporate reliance on emails is approximately 89%. This reliance persists despite the integration of collaborative tools like Teams and Slack into communication arsenals. Evidently, organisations still heavily depend on email as their primary method of communication, making it the number one attack vector.
How can companies not only protect against attacks but limit the impact of an attack, should the worst happen, and how can technology aid this?
We can break this down into four measures of protection. Firstly, any organisation aiming to defend against attacks needs comprehensive visibility and control. This involves securing all entry and exit points within the infrastructure. For example, with emails, most organisations focus on controlling incoming and outgoing emails but overlook internal communications. So, conversations between colleagues become a blind spot and that’s where organisations need visibility.
After visibility, the second need is security tools and mechanisms that can respond to attacks. Organisations need to start asking themselves ‘How do we limit an attack if it were to surface from within our organisation?’ What if a scenario arises where an account gets compromised within the organisation and the internal user starts spamming customers? That’s why measures to counter internal threats with effective security tools are essential.
Thirdly, a prevalent industry issue is an overwhelming volume of incidents security teams battle with. Outsourcing or managed responses can improve the mean time to detect and respond to incidents and allow organisations to focus on the core operations of running the business.
Lastly, the power of APIs (Application Programming Interfaces) is a significant advantage that is hugely underestimated. Instead of applications working in silos, integrating various security technologies through APIs will enable the sharing of threat information and enhance preventive measures across network and device levels. So, leveraging APIs, ensuring visibility, optimising incident response and managing overwhelming incidents all contribute to a more robust defence against threats.
What are some of the features included within Microsoft 365 that help ensure stronger security and what are its limitations?
Let’s focus on key security features. Even the basic Microsoft license now offers comprehensive protection and this will cover various risks like accidents and malicious attachments, and allow Business Continuity. While this might be true, the extent to which they provide this protection is very limited. For instance, if an entry-level scam happens on Microsoft’s site, we can rely on reputation databases to detect any malicious URLs and block them.
Mimecast does the same thing but that’s where the similarity ends. We protect from a lot more attack vectors and not just a reputational database. True security requires more advanced techniques and this is where we specialise, using AI to better identify such threats and detect impersonation attacks.
Similarly, Microsoft’s impersonation protection can be configured as a policy, but its scope is limited to only about 60 users. If an organisation has as many as 1,600 users, applying this becomes complex as we would have to create hundreds of impersonation policies to protect those users. So, it’s not just from a technology perspective but from the ease of use, admin and maintenance headaches.
Additionally, depending solely on Microsoft for email continuity is risky as recent events have shown the system’s vulnerability to downtime. Aside from the technological limitations, if an attack happened and you were in the recovery process, it would be difficult to keep sending emails and host events simultaneously in the process. It is like having all your eggs in one basket.
On the other extreme, an organisation might opt for Microsoft’s premium license which provides more features. However, it will still lack the same efficacy as other brands in terms of email security and faces potential service outages due to overreliance on a single source. So, while both Microsoft and other premium licenses will offer similar features, there are nuanced differences in security effectiveness and reliability that need to be carefully considered.
Why is a third-party solution a key necessity to mitigate security risks with Microsoft 365 and what added value can Mimecast provide?
Microsoft is an amazing product and collaboration tool. However, that’s exactly where the problem arises. Productivity and collaboration were key drivers at its building stage and not security. While it is a great tool, it is lacking in its ability to protect productivity suites and collaborations.
Also, Microsoft is widely adopted and has since the pandemic undergone a complete Digital Transformation with several organisations using its collaboration tools. The wide adoption and amount of data it holds makes Microsoft a primary threat landscape. Relying on Microsoft to provide security will constantly put organisations under threat as huge data attracts more attackers who want to exploit the vulnerabilities within organisations.
Organisations must layer this with different technologies to support and provide protection and this is where Mimecast adds stronger value. We ensure that teams work seamlessly across productivity and collaboration suites. We manage vital aspects of security and ensure a perfectly secure collaboration and email platform for work.
How do organisations face the challenges associated with changing infrastructure and ever-growing attacks with a layered security approach from Mimecast?
Years ago, attacks were limited to spam and viruses but as technologies advanced, any individual with malicious intent can access the Dark Web, get a phishing service and launch an attack. That is how simple it has become to launch sophisticated attacks.
With this landscape, for every risk vector you identify, the industry has devised a different solution that is positive and ensures fixes and solutions. This creates a challenging scenario where you manage multiple technologies with multiple risks that would have to be checked at the C-level. This does not consider budgeting factors which would add further complications. This situation requires hands-on resources that can investigate policies and respond to incidents which implies that team expansion is a necessity.
The result is a multiplication of risks from the complexity of managing multiple technologies. Hence, it is necessary to provide a solution that can address different risks under a single umbrella. This will lower the costs and lead to the hard conversation that you need to have with the management that reduces the number of analysts you require as part of your security team and ensures that you have a single pane of glass to manage all these risks and provide better management. This is the right way to approach layered security. The opposite would be having clunky bits of technology spread across your home security portfolio.
Looking ahead, as the threat landscape continues to evolve, why must a multi-dimensional problem be solved by a multi-dimensional solution?
It is paramount to lead with a multi-dimensional approach. When you assess the problem, you are protecting multiple areas: underlying data across collaboration tools, people and all communication channels. To effectively have technologies in place to protect these areas, it is imperative to understand the risk vectors that are involved. This can be explored under three main factors.
The first are the malicious actors. They are highly sophisticated and have all the time and resources in the world. They can bide their time and extract the right information to perform an exfiltration of data and cause financial loss to your organisation.
The second factor is people, the nature of people to be susceptible to being duped, a factor which attackers count on. Today, we click on links 10 times faster, we have multiple files open across multiple platforms and these are techniques attackers use. They know it is easier to trust a mail that comes in while you are occupied.
Technology fallibility is the third factor because no tool is 100% successful. Depending on technology to solve all your issues is problematic. Protecting people, communications and data should be a priority to organisations. Ensuring technologies are well integrated in terms of APIs will also keep them ahead. It is important to apply such security across these layers and this is why every organisation needs a multi-dimensional solution as relying on a single technology that promises to cure all is not plausible.