Research finds disconnect between belief and reality in Office 365 security

clock • 2 min read

Microsoft customers believe that they are always protected; the truth is much more varied

Microsoft's subscription service, Office 365, has been very successful. Business subscriptions are up (20 per cent last year), while revenues have overtaken those of traditional long-form licensing models.

New Computing research, now available in a white paper, shows that 95 per cent of respondents (170 UK IT decision makers) have already migrated to Office 365. However, more than 70 per cent lacked full confidence in the service's security measures, which is preventing larger-scale migration.

Respondents said that complexity of hybrid cloud migration and portability of data were both top concerns preventing their organisation from fully adopting Office 365; but security was by far the most widely-shared factor, cited by more than 56 per cent of IT leaders.

In something of a surprise result, considering the proliferation of damaging attacks last year, ransomware was feared less than general malware, viruses and Trojans. It is still a significant threat for the future, though.

The majority of malware - 90 per cent - is still delivered through email. Three-quarters of organisations said that they had experienced an email-based attack in the last two years, and 41 per cent fending off multiple attempts. Further, almost 80 per cent expect to fall victim to email fraud in the coming year.

Office 365 is not itself to blame for the weaknesses in email security that cyber criminals are exploiting, although it is a large and growing target - and, as mentioned above, confidence in the service's security features is lacking.

Fewer than 30 per cent of respondents said that they believed Office 365's security to be adequate, while most (56 per cent) sat on the fence with a "Maybe". 14 per cent thought that their defences were not up to the job.

On top of these findings, there is considerable confusion about what an Office 365 subscription provides in terms of security. A standard subscription to Exchange Online provides spam filters and malware protection, although it is basic, relying on traditional anti-virus scanning tools. This makes it useful against conventional threats, but lacking against contemporary attacks like social engineering.

Around a quarter of respondents believed that any Office 365 subscription protects them against phishing (not true), and 27 per cent that it blocks ransomware (dependent on the form of attack and level of subscription).

The disconnect between belief and reality means that many of our respondents may be running unnecessary risks with their cyber security.

View all of our research into Office 365 in our white paper.

You may also like
Scammers already exploiting Silicon Valley Bank collapse

Threats and Risks

Email attacks already seen in the wild

clock 16 March 2023 • 3 min read
Partner Content: One step ahead: The importance of a proactive approach to insider threats

Security

When it comes to cyber security threats, organisations cannot afford to take a reactive approach and merely respond to issues after they have occurred.

clock 10 March 2023 • 3 min read

More on Threats and Risks

Ivanti VPN malware can survive a factory reset, warns CISA

Ivanti VPN malware can survive a factory reset, warns CISA

'Assume a sophisticated threat actor may deploy rootkit level persistence'

John Leonard
clock 01 March 2024 • 2 min read
Hugging Face AI platform infested with 100 malicious code-execution models, researchers warn

Hugging Face AI platform infested with 100 malicious code-execution models, researchers warn

These models could create a persistent backdoor for attackers

clock 01 March 2024 • 3 min read
US, UK, Canada seek global coalition to combat state disinformation

US, UK, Canada seek global coalition to combat state disinformation

US, UK and Canada have endorsed a framework to tackle information manipulation

clock 27 February 2024 • 3 min read