We have all heard the horror stories in the media: companies big and small having their data held to ransom, or CFOs and finance teams being tricked into releasing large sums of money as payments requested by somebody masquerading as a CEO or GM.
In my previous blog post, I mentioned that typically the first part of a business’s move to the cloud is to move e-mail services. This is where we find the first stumbling block on the road to cloud-based nirvana. When moving to cloud services, we commonly see organisations neglect security in the false belief that somebody else now does this or that the old issues no longer apply. Let’s use e-mail as the example. Many will move their business e-mail to the cloud and forgo anti-spam/anti-malware protection, as cloud services typically have this built in. The issue here is that these built-in services really are the lowest common denominator.
Advanced Threat Protection
Advanced Threat Protection (ATP) for Microsoft Exchange Online and Office 365 is a highly integrated and intelligent protection service provided by Microsoft. It is highly recommended that a service such as ATP is not an afterthought when moving your e-mail to the cloud. All too often we see customers forgo ATP due to the slight bump in cost per user and end up suffering one of the aforementioned fates. ATP uses machine learning techniques to look at trends and behaviours in e-mails both to and from you and your organisation. Its responses range from providing “tips” when it sees out-of-the-ordinary behaviour through to flat-out recognising and blocking phishing e-mails. ATP has many features that can be used to enhance your organisational security and meet other compliance needs.
All too often we see organisations that are victims of simple multi-faceted attacks. A targeted victim’s password is captured via a simple attack. The attacker then logs into the cloud provider and sets up a forward and delivery option to syphon all inbound e-mail for that user into a mailbox that the attacker controls. From here the attacker can cause any level of malicious damage, and typically we see this as the method of choice to enact the “payment of an invoice” style attack masquerading as a CEO/CFO/GM (they can now emulate the signature and how this person talks, as they have months of e-mails from and to that person).
All the above could be avoided if Multi-Factor Authentication (MFA) was implemented. MFA combines a username and password with another type of authentication, such as a phone call to a designated number, a prompt from a special application on a nominated mobile device, or a one-time rolling code. This means that even if the username and password are compromised, the attacker will not be able to access the services secured by MFA.
MFA is built into Microsoft online services and is simple to enable. It provides an almost non-optional layer of protection that needs to be baked into your business’s cloud strategy.
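Alongside enabling MFA, it is worth auditing existing mailboxes for the forward-and-deliver setting described above. The following is an added example, not part of the original post: it checks a constructed CSV export of mailbox settings for forwarding to addresses outside your own domains. The column names assume an export of the Exchange Online `Get-Mailbox` properties `ForwardingSmtpAddress` and `DeliverToMailboxAndForward`; the users, domains and the `ACCEPTED_DOMAINS` set are made up.

```python
import csv
import io

# Constructed sample shaped like a CSV export of mailbox forwarding settings.
# Column names follow Exchange Online's Get-Mailbox properties; every user and
# domain below is made up for illustration.
SAMPLE_EXPORT = """UserPrincipalName,ForwardingSmtpAddress,DeliverToMailboxAndForward
ceo@example.com,smtp:archive-ceo@mail.example.net,True
cfo@example.com,,False
pa@example.com,smtp:ceo@example.com,True
gm@example.com,SMTP:gm.backup@EXAMPLE.ORG,False
"""

ACCEPTED_DOMAINS = {"example.com"}  # assumption: the domains your organisation owns


def forwarding_domain(value):
    """Return the lower-cased domain of a forwarding address, or None if unparseable."""
    addr = value.strip()
    if addr.lower().startswith("smtp:"):
        addr = addr[5:]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower() or None


def find_external_forwarding(export_text, accepted_domains):
    """List mailboxes whose mail is forwarded outside the accepted domains."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        target = (row.get("ForwardingSmtpAddress") or "").strip()
        if not target:
            continue  # no forwarding configured
        domain = forwarding_domain(target)
        if domain in accepted_domains:
            continue  # internal forward, e.g. to an assistant
        keeps_copy = (row.get("DeliverToMailboxAndForward") or "").strip().lower() == "true"
        findings.append({
            "mailbox": row["UserPrincipalName"],
            "target": target,
            # A retained copy means the user sees nothing unusual in their inbox.
            "silent": keeps_copy,
        })
    return findings


if __name__ == "__main__":
    for f in find_external_forwarding(SAMPLE_EXPORT, ACCEPTED_DOMAINS):
        note = "copy still delivered to user" if f["silent"] else "mail redirected"
        print(f"{f['mailbox']} -> {f['target']} ({note})")
```

An address that cannot be parsed is reported rather than skipped, so a malformed forwarding value still gets a human look.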
The above is only a very small component of securing your cloud nirvana. If you would like to know more, or to discuss how to ensure your cloud strategy has security baked in, please drop Lucidity Cloud Services a line.