Tag Archives: threat

Cybersecurity, News

Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report identifying a number of security risks facing users of Microsoft 365, which along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users[1].

Click here to read the full report: https://pages.egress.com/Whitepaper-EmailRisksInMS365-06-22_2021-Landing-PAGE-eBook.html

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer, (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide both the context associated with perceived risks as well as recommendations for CISOs to reduce both inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 – CISO Security Recommendations

To CISO’s responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question – how much do I understand? Framing this guidance is that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with CISO’s who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and seek to avoid a cookie-cutter cyber approach. A comprehensive, holistic view of the risk is invaluable to identify the products that will complement and seamlessly integrate into your business environment to manage and reduce risks.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

[1] Statista: Number of Office 365 company users worldwide as of June 2022, by leading country

For more information and interview requests, contact Jordan Brackenbury at PR@Egress.com

FInance, News

70% accountants and lawyers have money laundering fears over Russian dark funds

  • Survey reveals only 45% are completely confident in their current anti-money laundering procedures
  • 76% believe the threat of money laundering will worsen over the next three years

LONDON, UNITED KINGDOM 25th MAY, 2022: 70% of accountants and lawyers are more concerned about money laundering since Russian events and sanctions began, with 75% moving anti-money laundering (AML) up the company agenda in the past year. That’s according to First AML, the end-to-end AML software solution, which surveyed 200 accountants and lawyers in the UK to discover attitudes toward current compliance and AML procedures.

Despite 53% of respondents having identified an instance of suspected money laundering in the past three years (with 24% identifying more than one) only 45% are completely confident in their AML procedures. Alongside this, a staggering 91% think companies need to embrace online technologies to aid compliance with AML regulations. Likewise, 87% respondents are putting more rigid policies in place to be compliant and meet AML regulations.

The core reason for money laundering rising up company agendas is a focus on customer transparency and ethical customer onboarding (68%). This was closely followed by external risks (50%), such as the situation in Russia and people traffickers, and increased risks of fines (46%). Worryingly, 76% of respondents believe the threat will continue to get worse over the next three years.

To deal with the growing threat of money laundering, 80% of respondents reported that they are turning to technology to become more compliant, while 53% said they were turning to outsourcing services and 28% turning to hiring.

Simon Luke, UK Country Manager commented: “Even before the Ukrainian conflict and Russian sanctions, the UK has been recognised as a hub for Russian money-laundering. Accountants and lawyers need quick, easy and accurate ways to onboard customers and complete financial transactions without fear. However, this is an industry wide issue that impacts not just businesses but also the economy and everyday Britons. That’s where First AML’s technology comes in, especially as countries globally call for tighter compliance in business.”

When asked what the main causes for concern were, the growth in online transactions (38%) was the most common answer. This was followed by the growth of unethical business practices (23%) and the Russian situation (18%).

To learn more about First AML, visit the website here: https://www.firstaml.com/