Is Bundled Office 365 Email Security Hiding Costs to Your Business?

Office 365's Email Security entails hidden costs that your IT department may not realize it's paying. From weakened filtering to email outages and limited archiving, every organization has cause for concern with O365's security.

By Mike Petsalis

The challenge with O365 has never been productivity, but security. Office 365 is probably the most powerful productivity suite that has ever existed for organizations of all sizes. Its breadth and scope has gone essentially unmatched in the market, and applications are constantly added or improved to make it easier for everyone in O365 organizations to communicate with each other and function effectively in the workplace.

As implied above, that productivity can come to a screeching halt when security is compromised, while Office 365's bundled security may also entail hidden costs that ultimately reduce your organization's effectiveness. For instance, lacking features for email security in Office 365 include:

• Superior blocking for both known and advanced threats
• Protection against phishing from other Office 365 users and organizations with compromised accounts
• A well-orchestrated defense that integrates smoothly into other elements of your existing security ecosystem
• An adequate response to email outages that can cost days or even weeks of productivity in a given year
• The ability to retain and archive business-relevant content in a way that's legally defensible

Fundamentally, this comes down to the fact that 90% of cybersecurity attacks start with phishing emails, and 91% of targeted attacks target people – not systems, applications or tools. "Office 365 is a tool," one might say, "in what case could it create vulnerabilities to targeted attacks?"

Security Needs Specialization to Keep Up with the Latest Attacks

Office 365's security effectiveness needs to be measured on how well it protects people, and this is where hidden costs begin to emerge. Attackers today are using multi-layered phishing techniques that evade many conventional defenses. They continually trying to deliver malware and advanced ransomware, compromise key accounts, divert funds through wire transfers, gain access to sensitive data and execute other forms of Email Fraud and Business Email Compromise that escalate in sophistication with each wave of attacks.

Attackers and cyber criminals have also found key vulnerabilities within Office 365's email infrastructure that enable the propagation of phishing and account compromise within and between Office 365 user organizations. Whether it's because of Office 365's inherent whitelisting of Office 365 sending domains or some other structural challenge, our own customers and others on Office 365 have reported an astounding frequency of phishing emails reaching their users' inboxes from compromised Office 365 accounts in other organizations. This problem has only been exacerbated by Office 365's massive growth, which leaves hundreds of millions of users vulnerable to the propagation of Office 365 phishing and account compromise, and the additional risks and negative effects that it entails.  

Office 365 also provides no contingency plan for mass outages and email downtime, meaning your users' productivity is compromised whenever Office 365 goes out, for however long it stays out. Several major outages lasting days, and even weeks, have affected O365 since its introduction in 2011 in all major server regions across North America, Europe and Asia-Pacific.  

The fundamental compliance capabilities of Office 365 are further lacking when it comes to Email Archiving, meaning your organization can't effectively retain and produce email documentation as it's required by legal proceedings. Office 365 employs "in-place" archiving, meaning that emails remain in a user's mailbox while manageable by a company's retention policies. This "in-place" archiving can cause searches and eDiscovery to be excruciatingly slow. Additionally, the absence of off-site cloud archiving within Office 365 compromises the legal defensibility of any documentation that it produces.

Who Benefits From Better O365 Email Security?

While all users benefit from enhanced security, the most tangible benefits are realized by IT leaders and decision-makers who no longer have to be bothered with the challenges that insufficient Office 365 email security produces. Consider how much the following tasks cost you as an IT person:

• Tracing and cleaning up messages?
• Remediation, Re-Deploying Machines and Recovering Data?
• Managing support during outages and after attacks?

For most IT people, these activities often take between 10 minutes and 1 hour per incident, ultimately eating days or even weeks out of your work year. Office 365 is, at its base not designed to help you spend less time on these tasks. Its limited protection, continuity features and phishing proliferation risks mean that without effective 3rd party protection you're left open to time sinks and significant lost productivity.

While organizations ultimately pays the price for this, IT specialists and administrators bear the real burden of Office 365's security failures. However, they can also reap the primary benefits of choosing a 3rd party solution that provides effective filtering, email continuity, general visibility and threat intelligence that makes security and its required responses easier and more manageable.

What To Look for in Improved Advanced Threat Protection for O365

Advanced Threats aren't driven by programmatic systems like spam campaigns of the past, but by individuals and groups dedicated to finding the craftiest possible way to scam your organization. These targeted attacks mean you need better protection against "zero-day" email threats, where databases of sandboxed URL's and time-of-click protection against the latest threats prevent new tactics, malware or other threats from victimizing your users.

Your most effective form of email security also needs include bulk email protection, highly accurate graymail classification and ATP features that make a meaningful impact on your users' inboxes. Phishing Protection, for instance, needs to work in concert with protection from malicious URLs and Attachments, but also needs to function without any default exclusion or discerning between sending domains.

These elements converge to detect email imposters who use "reply-to" spoofing and other tactics to visually deceive users into responding to email requests as if they were authentic, while effective URL protection needs to not only rewrite URLs as they pass through your email gateway, but also refer to complete databases of sandboxed URLs that understand the origins of both hosted malware and hosted non-malware attacks like credential phishing.

These evolving threats fundamentally require time-of-click scanning on URLs and attachment scanning that goes beyond signatures - regardless of where mail is hosted. For example, bad actors now commonly send waves of email pointing to compromised websites, but only upload malicious content after most of the wave has been delivered. They might also use attachment-based attacks where files are bulk created with changes so that hashes don’t match and signatures are effectively masked, or other forms where only sandboxing can verify whether an attachment is malicious or not. Microsoft Advanced Threat Protection protects against both of these for Office 365, but does nothing to help with the primary challenge facing O365 customers, which is phishing from compromised Office 365 accounts. Given that there are over 120 million commercial users for O365, a fairly large security hole to leave unaddressed.

Thus, all the effort put into time-of-click URL scanning (whether done through rewriting at the email gateway or other means), filtering of seemingly benign attachments that could contain malicious links, or other efforts by Office 365 ATP to prevent credential phishing, deliver hosted malware or divert funds are rendered useless if such attempts are sent from compromised O365 accounts. Sufficed to say, a more effective email security system doesn't allow this to happen.

Why Email Continuity Is the Missing Piece of Your O365 Puzzle

Email outages and server downtime have always impacted productivity across organizations, but since 2015 frequent email outages on Office 365 have cost user organizations hours and days of lost productivity with little contingency provided by Microsoft. For instance, in January 2016, some organizations reported issues for up to 9 days, with 5 more major outages occurring worldwide between that time and September 2017.

Even if Microsoft promises 99.9% uptime in its Service Level Agreement, Office 365 serves more than 1 Billion users worldwide and over 120 million commercial subscriptions, meaning in aggregate 0.1% of those users could go through an entire year of downtime without necessarily compromising Microsoft's overall SLA, averaging out to 8.76 hours of downtime per user per year.  

While you might get reimbursed for an O365 failure in a particular month, there's no way to make up the costs to productivity that sort of outage causes. Every business on O365 needs to have a contingency plan for Email Continuity, or some sort of effective Emergency Inbox, in place to reduce the costs to both IT and organizations as a whole.

Archiving, Encryption, DLP, Threat Intelligence and You

While Office 365's comprehensive archive can collect and store data from its entire variety of apps, email is a particularly sensitive application that poses risks for your business in both regulatory compliance and legal proceedings. In-Place archiving on Office 365 makes search and eDiscovery processes slow and cumbersome, while the legal defensibility of such archiving may prove challenging.

These are some of the concerns that are addressed by solutions built to accommodate the needs of IT administrators in growing businesses. This means you need a platform that's driven by a deep understanding of the email security landscape, as well as industry-specific regulatory requirements and the influx of devices users communicate with. With those specific challenges addressed through a 3rd party offering, you can feel more confident in your O365 being used for what it's supposed to do -- drive the compelling, motivating, inspiring productivity that your users are looking for to get their jobs done.

Vircom's modusCloud provides effective email filtering, Advanced Threat Protection, Office 365 Phishing Protection, Email Continuity, Encryption and Archiving that's purpose-built for small and medium businesses who are managing the challenges and threats that come with their everyday work. We provide powerful technology at great value with obsessive customer support because we're driven to make your work easier and your business more secure. When thinking about what to do to address the Office 365 needs listed above, think of Vircom.

This article is part of a marketing program that allows advertisers to share their content with our audience. The editors of this site were not involved with the creation of this content.