Organisations need to rethink their security technology stack and how environments are managed and contained, says Gartner in an analysis of the threat vectors most prominent in 2022. The research firm highlighted how the ‘ever-expanding digital footprint’ of the modern business is increasing risks, opening up vulnerabilities and creating gaps that are wide enough for any hacker to step inside. Security has to be a priority for the business, particularly those using Microsoft 365 environments. Not because they are easy to hack, but because they are so popular. As Quintin van Zyl, Head of Managed Services at Qwerti, points out, it is one of the most powerful and well-known platforms in the world and so it has to remain as secure as possible to mitigate relentless attacks.

“One of the biggest challenges is ensuring that environments like Microsoft 365 remain secure,” he adds. “This solution has become incredibly popular and is in use by millions of organisations worldwide, which makes it a target.”

Microsoft Office, just one part of the 365 ecosystem, is currently used by more than one million companies worldwide and holds 46% of the global market, only two percent less than its closest competitor, Google’s G Suite. It is an impressive software solution that offers an equally impressive architecture to the modern organisation as it navigates the complex seas of hybrid working frameworks, global clientele and ongoing uncertainty. However, the risks that walk hand in credit card with the platform must remain top of mind.

st people sign up for the platform with their credit card or they use a vendor that can sign them up instead,” says van Zyl. “Then they set it up, and forget about it. They simply get on with the business of doing business. The problem is, they often neglect to set up the security features and functionality that have to be enabled to ensure that 365 remains a secure system. Microsoft has put a lot of research and development into developing this security, but it’s of little use if nobody enables it.”

The Microsoft 365 Defender Security Research Group is exactly that – a dedicated service using research, development and analysis to identify and protect against the cybersecurity onslaught. The team of more than 8,500 security engineers and researchers monitors more than 24 trillion daily security signals using artificial intelligence and automation, and has blocked more than nine billion endpoint threats and 32 billion email threats. It is a behemoth built to secure and protect. It also won’t do what it needs to do if the entire Microsoft 365 ecosystem isn’t using it properly.

“This situation is further complicated by staff turnover and poor security policies,” says van Zyl. “People may leave, others may not get training, and the result is that security best practice degrades over time. This means that gaps can appear in the security, people can use poor passwords, malicious emails and sites can get through the firewalls, and that the whole organisation is less a smooth unscalable wall and more a sieve.”

These are just some of the most common risks inherent within an unmanaged 365 environment, but there are multiple other elements that can influence how well the business is protected, if at all. To resolve this, companies have to focus on creating an environment that prioritises security throughout every part of the business ecosystem. This includes staff training, policy development, password management, reporting, and awareness. It also should include using a third-party service provider to take on the management of the entire Microsoft 365 ecosystem so that nobody turns off that notification because it’s annoying, or that zero-day exploit goes unnoticed because nobody is aware of it.

“If you don’t ensure that these boxes are ticked, it’s easy for hackers to get hold of someone’s password and use it to access the business, or for your global admin rights to be misused or stolen, opening you up for attack,” concludes van Zyl. “Then, your business is compromised, you lose money, you lose reputation, and you can come up against the regulatory and compliance firing line. It’s not worth it to compromise on security, not anymore.”

A managed Microsoft 365 environment will be honed to secure perfection, leveraging the skillsets and expertise of a trained security team alongside the security features enabled by Microsoft itself. It will ensure that users are managed and trained, that policies are robust, and that holes are found and patched before they become an expensive mistake.