
Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365
by Egress
Published on 20th Jun 2022

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report, Cybersecurity experts' views on email risk within Microsoft 365, identifying a number of security risks facing users of Microsoft 365, which, along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users¹.

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide the context associated with perceived risks as well as recommendations for CISOs to reduce both inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 - CISO Security Recommendations

To CISOs responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question: how much do I understand? Framing this guidance is the idea that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with the CISO, who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and seek to avoid a cookie-cutter cyber approach. A comprehensive, holistic view of the risk is invaluable for identifying the products that will complement and seamlessly integrate into your business environment to manage and reduce risks.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

Egress Intelligent Email Security seamlessly integrates into Microsoft 365 to protect your organization from advanced phishing attacks and email data loss. Learn how you can enhance Microsoft 365 with Egress today.

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.