21 May 2020
DX Accelerating - as is Data Security Complexity
At the end of April, Microsoft CEO, Satya Nadella was quoted in the media saying his company had seen two years’ worth of digital transformation (DX) in two months, with massive demand for remote teamwork and learning, sales and customer service, and critical cloud infrastructure and security. This major change was one of the reasons why Microsoft’s January-March earnings and profits exceeded market expectations.
In the following weeks we took a good look at the 2020 Thales Data Threat Report that was compiled recently with the help of IDC Research. In their findings it was not surprising to see that DX is being used as a strategy by 43% of the companies in the report in order to disrupt the markets and sectors in which they participate.
Some of the key findings in the report are –
- Digital Transformation is complicating data security.
- Cloud environments are now housing significant amounts of data, creating a significant risk.
- As multi-cloud becomes the norm data security is becoming more complex.
- Organisations sense of data security is at odds with reality.
- Higher security spend doesn’t match security focus.
To access the 2020 Thales Data Threat Report Click Here.
Our team can assist businesses to apply transformational technology in the pursuit of new opportunities in a safe manner and help them to protect the data assets that are key to an organisation interacting with customers, gaining insights, and operating their business. For more information Click Here.
Read about our Cybersecurity Improvement Program.
Video Conferencing Security
In our last newsletter we wrote about some of the security challenges associated with popular video conferencing solutions. Zoom had attracted some negative commentary in the media; however, it’s good to see they have started acting on the CEO’s promise to improve security within 90 days by announcing the purchase of the security company Keybase, who build secure messaging and file sharing technologies.
Microsoft Teams Alerts - Phishing eMails
Whilst we haven’t encountered this particular phishing campaign please be aware that there are reports of phishing emails in circulation pretending to be Microsoft Teams notifications. These emails attempt to take victims to fake landing pages that use language and imagery taken from Microsoft's Teams and 365 websites, giving these domains a realistic look. Once on a fake landing page, the user is asked to enter their credentials which are then harvested by the attackers.
To view recent articles on this issue -
threatpost.com: Microsoft Teams Impersonation Attacks Flood Inboxes.
www.bleepingcomputer.com: Convincing Microsoft 365 phishing uses fake Microsoft Teams alerts.
Contact Mike or Steve who are available to discuss our Teams security audit service.
CISA Release Report on Microsoft 365 Risks and Vulnerabilities
The US national risk advisory body - Cybersecurity and Infrastructure Security Agency (CISA) - has issued an alert encouraging organisations to implement a cloud strategy aimed at protecting their infrastructure assets by defending against attacks related to their Microsoft 365 migration and better securing Microsoft 365 services. Specifically, CISA recommends in the alert that administrators should implement 6 mitigations and best practices. Further information here.
Having undertaken a number of Microsoft 365 security audits (view details of the service here) the key learnings and market observations we have noted are:
- Even well managed and mature sites are being compromised.
- It is important to know all your data aggregation points at all times.
- Data sharing across the Microsoft 365 environment is misunderstood.
- Identifying termination points, where data can be readily shared with external parties, is critical.
- Cloud service mapping and effective management reduces unnecessary risks and exposures.
- Knowledge of all Microsoft 365 capabilities and security dashboards aids prevention or early detection.
Read a case study or testimonials from our customers about our Microsoft 365 Security Audit.