Microsoft 365 Email Protection Enhancements

Many businesses use Microsoft 365 for email, yet still find malicious emails are delivered to their inboxes, even though Microsoft 365 email protection features are enabled and correctly configured. Those emails include phishing and spear phishing emails that target employees and seek sensitive information such as login credentials, and emails with attachments that are used to deliver malware. The problem is also getting worse, as malicious actors are conducting increasingly sophisticated attacks on businesses and attacks have been increasing in number. 

Email is the Number 1 Vector for Gaining Initial Access to Business Networks

While there are many ways that threat actors can gain access to business networks, email is the most common. The ransomware remediation firm Coveware has reported that email phishing has been the main way that ransomware gangs gain initial access to business networks for the past three consecutive quarters from Q3, 2021 to Q2, 2022.

According to the 2021 Cybersecurity Threat Trends report from Cisco, 86% of organizations have reported that at least one of their employees has clicked a link in a phishing email, and the report suggests that around 90% of data breaches occurred due to phishing. The Anti-Phishing Working Group reports that the first quarter of 2022 was the worst ever quarter for phishing attacks and the first quarter to date that involved more than 1 million reported phishing attacks. 

Malware is a constant threat. Malware attacks had been down over previous years; however, SonicWall reports that for the first time in three years, malware volume has increased. Businesses are also facing a barrage of ransomware attacks, with the same report suggesting there was a 148% rise in ransomware attacks this year.

All Types of Threat Actors Use Email to Attack Businesses

It is not just cybercriminals conducting these attacks. Nation-state threat actors are also targeting businesses, seeking proprietary data and access to business networks for a wide range of nefarious purposes. Microsoft and several cybersecurity firms have reported that North Korean state-sponsored threat actors are conducting ransomware attacks on SMBs and have been targeting them since September 2021. The rise in cyberattacks and their increasingly sophisticated nature should be a concern for SMBs and should serve as a warning that Microsoft 365 email protection needs to be improved.

More than one million businesses use Microsoft 365, which makes the cloud-based platform an attractive target for threat actors. If they can develop a campaign that bypasses Microsoft 365 email protection features, all businesses that use Microsoft 365 email can be attacked. It is also fairly straightforward to bypass those defenses since the protections provided as standard are static and have the same configurations. Threat actors can also test their campaigns on their own accounts – which cost next to nothing to purchase – to ensure that their campaigns are effective. 

How to Improve Microsoft 365 Email Protection

There are some simple steps that businesses can take to block these threats and improve their defenses against email-based attacks. Some cost nothing, and others will require some investment. That investment will be money well spent due to the number of threats that will be blocked and the data breaches that will be prevented.

1. Invest in an Advanced Email Security Solution

Microsoft 365 email protection is provided through Exchange Online Protection (EOP), which is intended to block the most common threats. It will block most spam emails, known malware, and many mass-phishing emails. What the solution lacks, however, is advanced protection measures. Consider upgrading to Microsoft Defender for Office 365, but a better option would be to use a third-party advanced spam filter or secure email gateway that can protect against advanced malware threats through behavioral detection (sandboxing), has better predictive threat detection capabilities, and provides time-of-click link scanning to detect malicious URLs in emails. We recommend SpamTitan Plus from TitanHQ for the best protection against phishing attacks.

2. Take Advantage of All Microsoft 365 Email Protection Features

You should set up alerts in Microsoft 365 email to identify any suspicious activity, and you should ensure that those alerts are monitored and acted upon. You should also do this with any third-party Microsoft 365 email protection solutions you have implemented. Consider disabling auto-forwarding of emails to remote domains, as phishers and business email compromise threat actors often set up forwarding rules in mailboxes that have been compromised. Microsoft 365 offers email encryption, and setting this up will protect against the interception of emails.
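
The auto-forwarding step above, as an added example that is not part of the original article: a PowerShell session that lists existing external forwarding before switching it off. It uses cmdlets from the ExchangeOnlineManagement module; the admin account name and the CSV file name are placeholders.

```powershell
# Added example: audit and block external auto-forwarding in Exchange Online.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
# 'admin@contoso.example' is a placeholder account name.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Domains the tenant owns; anything else counts as external.
$internal = (Get-AcceptedDomain).DomainName

function Test-External([string]$Address) {
    # Pull the domain out of values such as 'smtp:user@domain' or '"Name" [SMTP:user@domain]'.
    if ($Address -match '@([A-Za-z0-9.-]+)') { return $internal -notcontains $Matches[1] }
    return $false
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Mailbox-level forwarding set by an admin or through Outlook on the web.
    if ($mbx.ForwardingSmtpAddress -and (Test-External $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox setting'
                           Target = $mbx.ForwardingSmtpAddress }
    }
    # Inbox rules that forward or redirect, the kind left behind after a compromise.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets | Where-Object { $_ -and (Test-External $_) }) {
            [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Source = "Rule: $($rule.Name)"
                               Target = $t }
        }
    }
}
$findings | Export-Csv -Path .\external-forwarding.csv -NoTypeInformation

# Review the CSV first: some forwarding may be legitimate and will stop working.
# Then disable automatic forwarding to all remote domains ...
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
# ... and in the default outbound spam filter policy.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Confirm the settings took effect.
Get-RemoteDomain | Select-Object Name, DomainName, AutoForwardEnabled
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
```

Any mailbox that appears in the CSV with an unexpected external target is worth treating as a possible compromise rather than only removing the rule.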

3. Provide Security Awareness Training to Your Employees

Technical Microsoft 365 email protection measures should be implemented, but don’t underestimate the value of providing security awareness training to your employees. Threats will arrive in inboxes no matter how many security solutions you implement. Employees need to be trained to identify email threats and be taught cybersecurity best practices. Training should be an ongoing process and needs to be provided regularly. Cybersecurity firms and training companies offer high-quality courses and phishing simulators to test whether employees can identify malicious emails. Security awareness training and phishing simulations have been shown to greatly reduce susceptibility to phishing emails and other email threats.