As Office 365 use expands, security risks are becoming harder to spot, researchers warn
Microsoft’s Office 365 turned five years old on Tuesday, and as the platform is seeing rapid expansion in enterprises computer security researchers have warned that the risks are also becoming more complex, with malicious actions becoming harder to spot, computer security researchers have warned.
After testing that began in October 2010, Office 365 launched on 28 June, 2011 and was originally aimed at corporate users.
It is now the most popular cloud service in the workplace, surpassing Salesforce, something that would have been “unthinkable” two years ago, according to Skyhigh Networks, which provides cloud-based security services.
‘Needle in a haystack’
In a recent study the company found that Office 365 use had increased by 320 percent over nine months ago, with 22.3 percent of those surveyed now using the platform.
The security challenge posed by such rapid growth lies in the difficulty of spotting malicious actions amidst the vast number of “events”, such as file uploads, logins and edits, that pose no risk, Skyhigh said.
Out of 5.6 million events each month, an average of 256 are “anomalous” while only 2.7 represent genuine threats, Skyhigh found.
“That’s a very small number of needles in a very large haystack, one which is only getting bigger,” said Skyhigh’s Nigel Hawthorn in a statement on Tuesday. “IT needs smart analytics that can cope with huge volumes of data to ensure they find the two or three incidents that could be catastrophic.”
He said “alert fatigue” is becoming a serious issue, with 30 percent of organisations ignoring security warnings due to the frequency of false positives.
Skyhigh’s research cited the breach of retailer Target as an example of the consequences of alert fatigue – the company’s IT security team ignored a warning that correctly identified the breach before any data was stolen.
“Had they acted immediately, it’s likely the scope of the breach￼would have been much smaller,” Skyhigh said in the study, which is available from the company’s website.
Earlier this month Microsoft said it would boost the security of enterprise deployments of Office 365 with Advanced Security Management, a suite of tools that offers admins threat detection, policy making tools and insights into how the software is being used.
This, Microsoft says, will help protect corporate environments – particularly against Shadow IT – and help IT departments maximise their resources by seeing what how Office 365 is being used and which applications are interacting with it.
Advanced Security Management allows admins to set up anomaly detection policies that scan user activities and issue alerts if a potential breach of network is spotted. There are more than 70 different indicators, including failed logins and inactive accounts, and behavioural analytics to spot any unusual patterns.
Are you a security pro? Try our quiz!