Just How Secure is Outlook Really?

45 mins
August 23, 2022

Welcome back for another episode of the SysAdmin DOJO Podcast!

In this episode, we welcome security expert Gil Blumberg to the show! Gil has been working in various roles in security for several years now and has some highly useful insights into the world of cybersecurity and M365!

We discuss the findings of our survey on email security in which we polled a large cross-section of the IT community with questions about M365 security. Email continues to be the primary method of communication for business today, and with that in mind, it’s no wonder that threat actors continue to use email to make inroads into target organizations. With this survey, we wanted to find out what types of attacks respondents are seeing, what common vectors they’re running into, as well as the impact of these attacks.

Some of the findings have huge implications for the M365 security landscape. For example, did you know that there are some organizations not leveraging features like MFA and Exchange Online Protection? We were shocked as well!

If you have any of your own thoughts, be sure to use the comments form below! We’d love to know your thoughts as well!

We hope you enjoy it!

In This Episode

  • Is Microsoft 365 Keeping you Safe – A Survey Introduction? – 3:13
  • 1 in 4 companies reported a “known” email security breach – 5:24
  • What are common vectors of attack for email security threats? – 7:10
  • Are there still companies out there not using MFA? – 12:11
  • How does Conditional Access help with MFA? – 18:06
  • Are people using digitally signed messages or message encryption? – 23:32
  • Are the Data Loss Prevention features in M365 helpful for organizations? – 30:01
  • Does company size play a factor in whether or not they are a target by attackers? – 39:00

Episode Quotes

  • I couldn’t get rid of my on-prem exchange server fast enough
  • There are two kinds of companies: Those who have been breached, and those who don’t know they’ve been breached
  • It’s still really sad that we’re still using passwords
  • Choosing to use message encryption can be scary for some users
  • Organizations need to be careful to not put all their eggs in one basket

Frequently Asked Questions about Cloud-Native Architecture

What are the topic vectors of attack for Microsoft 365 today?

The top vectors of attack for M365 today continue to be phishing and compromised credentials.

Does Conditional Access help make MFA better?

Conditional access does indeed make MFA better. This is because with conditional access you can really tailor MFA to work with your organization’s culture and method of working as opposed to not.

Doesn’t Microsoft handle security for me in Microsoft 365?

This is a common misconception. While Microsoft is responsible for the security of the infrastructure and the platform itself, ultimately the responsibility for the safety of your data comes down to you. See Microsoft’s shared responsibility model for more information on this.

What is vendor over-dependence?

Vendor over-dependence is the concept of a business relying too heavily on one organization for a large subset of its capabilities. So much so, that a large outage of said vendor would have a significant impact on their own business.

Resources for This Episode

Hornetsecurity Email Security Survey Findings

Security Incident Survey Findings

Conditional Access on the DOJO

A History of Message Encryption

Podcast Episode with Paul on Microsoft 365 Licensing

Have a Question?

Altaro Office 365 Backup

Listen to The SysAdmin DOJO Podcast on your favorite platform. Let us know what you think of it (or how we can improve) by rating or leaving a review!

Don’t miss an episode. Subscribe for podcast notifications, and more, on the DOJO.

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!