All ContentThe Cost of Microsoft Office 365 Security AND Compliance
The Cost of Microsoft Office 365 Security AND Compliance
Executive Summary
So your organisation has decided to migrate to Microsoft Office 365.
While you’ll likely benefit from its cloud collaboration capabilities, you
might want to ask more about what Office 365 means for security,
compliance and e-discovery.
It sounds hard to turn down the promise of advanced threat protection,
data protection and an online archive designed to meet privacy,
compliance and data-retention requirements especially when it’s all
included with your Office 365 deployment. Why spend more money on
third-party email security or archiving when it comes as part of your
Microsoft license? Aren’t all email security and compliance solutions
pretty much the same?
The answers to those questions aren’t that simple. While Microsoft
security might be fine for some purposes, it could also lead to problems
and cost more than you expect. Not all advanced threat, email security,
or compliance archiving solutions are created equal.
Think about it like the differences between a camping tent and a house.
Both can keep you dry during a sudden rain shower. But in a winter storm
with gale-force winds, only one of them will make a good shelter.
In the same way, an advanced email security solution can provide
better security and compliance defences in today’s stormy
cybersecurity environment.
Why email security for Office 365
must be a top priority
It’s no surprise that 91% of targeted attacks start with email.1
From phishing to malware, email makes it easy for attackers to exploit
the human factor and to steal credentials, data and more.
Phishing
In the 20-plus years since it was first identified as a threat, phishing has
morphed into a highly sophisticated technique for stealing credentials,
funds and valuable information. Today’s phishing is multi-layered and
evades many conventional defences. Attacks can be broad-based or
highly targeted. Many use malware, but others don’t. Cybercriminals
even deliver phishing emails through legitimate marketing services to
evade spam filters and other defences.
Whatever their tactics, phishing attacks are highly successful. According
to Verizon’s 2016 Data Breach Investigations Report, users last
year opened 30% of phishing messages, up from 23% in the prior year.2
And the SANS Institute reports that 95% of network attacks result from
spear phishing.3
The Cost of Microsoft Office 365 Security and Compliance | report
Proven Success at
Leading Enterprises
“Proofpoint has given us
protection from standard
bulk campaigns in Office 365
emails, giving us our time
back to find more evil things.
—CISO, Global 500 Manufacturer
“Using Proofpoint to secure
our Office 365 email has
saved us time and money
that would have otherwise
been spent on rebuilding
compromised systems.”
—CSO, Fortune 500
Banking Company
“Customer service and
support has been excellent.
The product works very well
and has kept us phish-free for
a year now.”
—Kenneth Brown, CIO,
Whitworth University
“Office 365 allowed too
many legitimate phishing
messages through. We had
users fall victim, despite all
the end user training to not
click and enter credentials.
With Proofpoint, efficacy has
greatly improved to the point
where I can’t recall the last
time it happened.”
—Network Administrator,
Private University
3
Malware
Today’s creative attackers use automated tools to mine information about
their targets from social media profiles, which are often public. That means
attackers know where you work. They know your role, interests, hobbies,
marital status, employment history and more. Attackers use these details to
craft convincing email messages enticing you to click on a malicious URL or
attachment. Once you click, a malicious payload drops onto your system.
Business Email Compromise
cybercriminals
know that people
use email more
than any other
communication tool
Beyond these tactics, another technique has emerged as a new and serious threat: business email compromise
(BEC). BEC attacks are spoofed emails from someone posing as an authority figure. For example, an email that
appears to come from the CEO might ask a staff accountant to wire funds. Instead, the money goes straight to the
cybercriminal impostor. BEC doesn’t stop at fraudulent transfers, either: attackers may also trick recipients into
sending personally identifiable information, payroll details and more.
These threats can have a big impact on your bottom line. Today, the average total cost of a data breach stands at
$4 million, 29% more than the average in 2013, according to a 2016 IBM report.4
How does all of this relate to your Office 365 migration? The heart of Office 365 is Microsoft Exchange Online email.
The built-in security, compliance and archiving capabilities that come with this simply don’t meet the needs of
enterprise-class organisations.
Too little email protection can lead to costly breaches that taint your brand, damage your reputation and hurt your
bottom line. That’s why it’s important to enhance your Office 365 email defences.
Attacks target people
More attacks come in via email than through any other vector. That’s because cybercriminals know people use email
more than any other communication tool.
The bad guys typically target individuals in HR, IT, or finance with access to funds or high-value data. They use
social engineering tactics to lure users into opening infected attachments, visiting malicious sites, or giving up assets
(such as credentials or financial data). Once they gain entry to a user’s system with malware or stolen credentials,
cybercriminals can penetrate corporate networks and exfiltrate treasure troves of sensitive information and valuable
assets. So it’s no wonder that security has evolved into a boardroom challenge. Deploying a secure email gateway is
clearly a business-critical decision.
You can’t respond to what you can’t see
To discover and respond to indicators of compromise (IoCs) effectively, you need the right insights. Unless you
have an email gateway that provides you with deep, detailed reporting, you’ll be left searching for the proverbial
needle in the haystack.
Blocking threats using an email gateway has two critical advantages. First, you gain understanding about the whole
attack, not just the final stages of it, after it has reached your network. Second, by catching threats at the gateway,
you can stop them before they compromise your environment.
Siloed security is not sustainable
In the ever-evolving threat landscape, hackers coordinate attacks across multiple vectors. A well-orchestrated
defence is vital to a good security posture. Protecting Office 365 is a top priority. But an effective solution must also
integrate with the rest of your security ecosystem. From your firewall to your security management platform, smart
and automated coordination can help you effectively prioritise and contain the impact of threats.
4
The Cost of Microsoft Office 365 Security and
Please complete the form to gain access to this content
