New report! Outbound email: Microsoft 365’s security blind spot

Industry news

Thousands of organizations across the world enjoy the productivity benefits Microsoft 365 brings. However, they could be inadvertently leaving themselves wide open to the biggest cause of data loss – outbound email.

Egress research has shown that 85% of organizations using Microsoft 365 have had an email data breach in the last 12 months. We also found that these organizations are experiencing more incidents than those without Microsoft 365, plus their IT leaders were more concerned about the future of remote working and being able to protect client data.

Download your report to keep for a full understanding of Microsoft 365’s security blind spot.

How often is data being leaked?

Microsoft 365 offers some native data loss prevention (DLP) capability, so businesses might believe they’ve secured themselves against email data loss. However, our findings show this capability isn’t nearly enough to mitigate the reality of today’s outbound email risks.

Organizations using Microsoft 365 have seen a 67% increase in data leaks via email since March 2020 – compared to just 32% of the businesses who don’t use it. And these aren’t one-off incidents. We also learned that 15% of Microsoft 365 organizations had been breached over 500 times during that same time period.

What are the impacts?

The fallout after a data breach can be far reaching – from regulatory fines to reputational damage. When a business is experiencing many data loss incidents a year, these impacts stack up. Clients are also becoming increasingly aware of who they do and don’t trust to protect their data.

Our report has uncovered that Microsoft 365 organizations are spending more time going through internal remediation and investigation, suffering more client churn, and are more frequently asked by clients if they have DLP tools in place.

28% of IT leaders from Microsoft 365 organizations told us client data was the most likely type to be leaked compared to 10% of IT leaders who weren’t using Microsoft 365 – so it’s not surprising that clients are taking notice.

Why is Microsoft 365 security limited?

Microsoft 365 provides some native safeguards to prevent email data loss, but they’re based on traditional static DLP rules. Like all traditional solutions, these rules simply aren’t intelligent enough to dynamically mitigate incidents in the way current email use requires. Out of the IT leaders we spoke to using static DLP tools within Microsoft 365, a staggering 100% of respondents were frustrated by its use.

In a remote-first world (where email is being relied on more heavily than ever before) traditional DLP solutions have been unable to combat the rising tide of email data loss.  Our findings show that IT leaders from Microsoft 365 organizations are more concerned about the risks associated with both remote working and employees working from mobile devices.

With remote working here to stay, businesses need solutions they can trust to keep digital communication channels secure and allow them to share content confidently.

What next for Microsoft 365 organizations?

There’s no doubt that Microsoft 365 is a useful productivity tool – but it needs a complementary (and intelligent) solution to combat the issue of outbound email. The only way to truly prevent human-activated breaches is through technology that understands human behavior.

Intelligent Email Security uses machine learning to adapt to each individual user’s patterns of working and sharing data, whether they’re remote or in the office. This allows it to detect the context-driven incidents that slip through the net with traditional rules-based DLP such as Microsoft 365.

Intelligent ‘human layer security’ should be a key component of every organization’s security strategy going forward, allowing them to both protect data and help employees to remain productive.

You might also be interested in ...