It has been over a decade since we were first introduced to the Microsoft 365 brand — and now it is one of the most used lines of subscription services in the world. Last year marked the 10th anniversary, and if we take a look back since its early days, the service has only expanded its scope and capabilities especially when it comes to the Security & Compliance Center.
The swift ascension of Microsoft 365 hardly comes as no surprise, given the hybrid world we now find ourselves in. However, as the number of M365 users continues to increase at a rapid pace, the security risks for both users and admins will only grow as well. To break it down, between January and December 2021 alone, Microsoft Azure Active Directory blocked more than 25.6 billion malicious attempts to hijack enterprise customer accounts by brute-forcing stolen passwords.
The numbers are staggering, and what this shows is that our digital identity is only becoming more at risk, with malicious hackers looking to take advantage and steal credentials. So this begs the question, how can we be more secure? Based on a recent Microsoft report, the most common methods used by threat actors included email phishing and other malicious email activity targeting Microsoft users — with more than 35.7 billion attempts blocked in the last year.
While the number of users continue to grow, this rapid adoption brings new challenges, hacks are likely to only start to up their game, and there is also the potential for service outages and security gaps as more sensitive credentials need protection — making Microsoft an appealing target for bad actors. Essentially, what this comes down to is that security threats are growing and there will inevitably be more difficulty across the board when it comes to ensuring the security of users. However it is not all doom and gloom, Microsoft will and has continued to evolve its security and there are critical steps that users can take as well.
First and foremost, being knowledgeable and implementing updated security practices and tools from start to finish around infrastructure, application and user security can make such a big difference. Microsoft 365 data can easily be vulnerable to user errors, accidental deletion, corruption and malware.
One thing is clear: cybercriminals are getting more sophisticated and employing new techniques that can bypass even the most resilient security systems. Based on Microsoft’s latest Digital Defense Report, nation-state threats are becoming more prevalent and harder to detect, resulting in more individuals being targeted specifically to get access to their connections and personal information. These attacks can lead to major financial and human damages; therefore, it is crucial to educate your employees to avoid being targeted in the first place. Meanwhile, applying Zero Trust principles also becomes a must to protect your today’s hybrid workforce, no matter the user’s location or the size of the threat.
This is nothing new for Microsoft, as there is already an abundance of layers in place to defend against phishing, ransomware, malware, and other advanced threats. However, as a result of the rise of serious breaches over the past few years including Colonial Pipeline, JBS Foods and even Microsoft Exchange, we should see increasing investments in machine learning features to improve end-to-end security. The benefits from these new investments will go far beyond security — they will inevitably help IT teams protect against known and unknown problems before they hit the end user. For example, any cloud migration protection features will aid in moving IT workloads with little to no disruption to end users.
Microsoft has a lot to think about when it comes to security, but these learnings really expand to most businesses. Any organization can be vulnerable to a supply chain attack — even when its own defenses are solid, as attackers are exploring new methods to infiltrate organizations by targeting their suppliers. This isn’t a small number of cases. In order to compromise targeted customers, attackers focused on the suppliers’ code in about 66 percent of reported incidents. Recent attacks, such as the SolarWinds and Kaseya, underscore that we are all only as secure as our weakest link in the supply chain on all levels. All in all, the supply chain is a critical function of security and it’s important for businesses to ensure each vendor/business is following security best practices.
As challenges continue to evolve with digital acceleration, it is difficult to know what the next decade will hold for M365, but based on the ever-changing needs of businesses and changing customer demands, we should expect to see:
- Accelerated Productivity. Much like Microsoft Teams ushered in a new standard for application integration across several M365 workloads (e.g. SharePoint, Exchange, OneDrive), we will see a continuation of application integration in the M365 ecosystem, which will fuel more end-user productivity
- Automation. The capabilities and applications in M365 such as Power Automate will continue to evolve as the amount of data is growing faster than ever. As a result, the ability to automate and customize M365 applications to streamline business processes will accelerate.
- Custom Built Apps. Due to highly-specific customer needs, the app development experience in M365 — led by Microsoft Teams and SharePoint online — will continue to get easier and more powerful. Consequently, we will see more customizable apps developed by enterprises and citizen developers which solve specific business problems.
As security concerns continue to grow over the next decade, Microsoft will have to diligently manage its own supply chain of external dependencies used to build and deliver M365 cloud services. However, companies can make their use of M365 more efficient by knowing what they have access to through careful management and inventory maintenance. If the next 10 years are anything like the previous 10, we can expect a lot of exciting momentum as capabilities are expanded to meet the specific needs of customers.
Pete Caldecourt is Director of Product Management, Quest.