Published by Andy Le Grice
October 21, 2022
The most popular email system in the world, Microsoft Outlook, has reportedly become an even greater target for phishing email campaigns, with the proportion of phishing emails evading Microsoft’s detection nearly doubling in the last two years.
With over a million organisations relying on Microsoft email, this is worrying news. If you’re one of these organisations, what should you do? The answer lies in a strong defence-in-depth security strategy. The first step is to supplement your Microsoft email security with a second vendor’s technology and threat intelligence. This will substantially reduce the risks attached to placing all your eggs in one security basket by creating a layered defence which is harder to evade.
Along with implementing the right mix of security technology, you’ll also need to raise user awareness. A phishing attack depends on human action to advance, so educating users about how to detect and act on suspicious emails will mean fewer mistaken clicks. A cybersecurity awareness training programme that educates users about the latest attacks, backed up with continual assessment, will help your organisation by increasing user confidence and reducing the number of successful attacks.
So, by now you should have a secondary security product in addition to your Microsoft email security and be educating your users. But at some point, despite best efforts, user credentials will be lost or stolen, giving someone the keys to walk right through the front door. The recent discovery of over 400 Android and iOS apps that were stealing people’s Facebook credentials highlights the ease with which credential theft can happen. The good news is that lost credentials are of little use to cyber criminals if you have multi-factor authentication (MFA) in place. This extra layer of user verification will ensure that you’re doing your security due diligence by verifying each attempted log-in.
The growing ability of criminals to evade Microsoft security technologies is just one of the threats that highlights the need to keep evolving our defences. The implementation of MFA and a second vendor’s security technology, along with user awareness training, will enable you to strengthen your organisation’s defences for the long-running fight against cyber-crime.