Infocyte Completes first 100 Microsoft 365 Security and Compliance Assessments

This post was last updated on November 12th, 2021 at 04:41 pm

Organizations Struggle with Proper Microsoft 365 Configuration with 28% Average Compliance Score (less than 50% of our target)

Microsoft 365 (aka Office or O365 or MS 365) is the most popular SaaS productivity and back-office platform in the market today. The MS 365 platform is leveraged by 90% of mid sized enterprises to manage user accounts, their identities and provide core services like mail. However, they all face the same challenges. Microsoft 365 security and compliance is complex and difficult to manage correctly from the outset. The other primary challenge is that once implemented, even the simplest changes from a single admin or priviliged user can significantly increase the risk to your business.

SEE ALSO: The 5 MDR Service Principles for the Mid Market

Infocyte has now completed over 100 Microsoft 365 Security Threat Assessments covering over 15,000 user accounts across small and mid-market businesses. The threat assessment findings quickly reveal that most organizations are struggling to keep their environments secure and are not leveraging key security controls (or best practices) within MS 365 to protect their environment. Couple these findings with the number of organizations migrating to MS 365 and you have a situation that is ripe for malicious actors looking to launch ransomware, account takeover (ATO), and more leading to significant costs and disruption to the business.

Infocyte has uncovered that the average Secure Score is 28%, with only those subscribed to Infocyte’s Command Service scoring over 60% (or greater).

Infocyte’s MS Secure Score is a measurement of an organization’s security posture against 44 baseline configuration setting and controls. The overall average score of 28% on our first 100 assessments shows organizations are struggling to secure their MS 365 environments. Digging deeper into the analysis, we find that many crucial security controls (like multifactor, mail transport rules, or legacy authentication) are deployed properly; greatly increasing the overall security risk to the business. 

Secure Score Range0-20%21-59%60%+
% of Threat Assessments~30%~60% ~10% 
Infocyte Secure Score Results Breakdown (First 90 Days)
  • 83% have NOT fully implemented multi-factor authentication for all users in administrative roles, and 89% are not enforcing multi-factor authentication across their total user base. Yes – this is astonishing to us also. But remember, 100% compliance is hard and users turn things off “temporarily” to accommodate a unique situation. This indicates that a majority of small to mid-sized businesses are likely to have an account compromised and experience a costly security breach.
  • 76% are NOT leveraging or implementing Data Loss Prevention (DLP) policies and are putting themselves in a position where potentially sensitive data can be easily exfiltrated from their organization.
  • 94% have NOT configured environments to block legacy (or basic) authentication methods and are introducing increased risk to exposing credentials and other key secrets to malicious actors.
  • 79% have NOT properly configured their environments to prevent mail transport rules from forwarding emails to external domains.

These gaps and low scores show must mid sized enterprises are at risk for mailbox takeover. Once inside, the attackers create 2 simple mail forwarding rules and user emails can be sent, read and responded to without the actual mailbox owners knowledge. These attacks usually go on for weeks and can create tremendous financial and brand damage. The most common result is AP or AR wire fraud (redirecting vendor or supplier payments) once a user’s account (CFO or Controller) is compromised.

For customers who engaged in our Command Service, scores have increased by over 80% from their original score.

Based on our first 100 assessments, we conclude that customer or their MSP partners need the following:

  • Baseline controls: we provide 44 best practices and controls for setting up a secure and well defended MS 365 service. This service alone will dramatically improve your score and harden your environment
  • Continuous SOC Monitoring: Once you set the right baseline, a SOC with experts must monitor it 24×7 for configuration drift or attack in progress (like impossible logins or multiple failed password attempts).
  • SOC Analysis and Support: When something changes in MS 365 or an attack occurs, you will also need expert guidance to assist with remediation and mailbox recovery, in the event an ATO attack is successful (for example).

The real question is–how does your Secure Score compare? Are you confident in your Microsoft 365 Security and Compliance? Sign-up for our Community Edition and assess your environment in less than 20 minutes for free. We bet you will be surprised. The good news is we are here to help clean it up.