It’s becoming an almost weekly occurrence, news reports on the latest company to be hacked and suffer significant data breaches, leaching sensitive customer information. From a recent data breach at Latitude Financial in Australia, impacting up to 14 millions users; to LastPass (one of the world’s largest password management platforms) where the hackers managed to obtain online backups of ALL customer vault data, the frequency of breaches is increasing, so to the number of impacted users.
The impact of a data breach can be catastrophic not only to an organisation’s reputation, but also its bottom line. The recently released Cost of Data Breach Report for 2022 by IBM Security, found that the global average total cost of a data breach was USD 4.35 million. I’ll let that sink in for a moment.
In fact, it is worth repeating…
THE GLOBAL AVERAGE TOTAL COST OF A DATA BREACH IS USD 4.35 MILLION
Keep in mind that this is the average. The average total cost of a data breach ranges from USD 1.11 million in Turkey, to USD 9.44 million in the United States. The same report also found that 83% of organisations studied had experienced more than one data breach, and that 79% of critical infrastructure organisations hadn’t deployed a zero-trust architecture.
The simple fact is that organisations need to take all necessary precautions when it comes to cybersecurity and the ever-increasing threat of a data breach. Most organisations are re-evaluating their cybersecurity posture and are looking to implement a suite of tools from multiple vendors to help predict, mitigate, and combat threats rather than relying on a single provider.
Of particular interest to this article are the findings that almost half of all breaches (45%) occurred in the cloud. Whilst cloud vendors work to secure their platforms, organisations need to be doing more to ensure they are educating their users on how to protect themselves from the sophisticated (and sometimes not-so-sophisticated) techniques used by hackers.
More broadly however, organisations need to seek out and take advantage of the tools that are available to protect their cloud solution. One such toolset is Policies & Insights from AvePoint.
SECURING MICROSOFT 365 WITH AVEPOINT POLICIES & INSIGHTS
Policies and Insights for Microsoft 365 (M365) from AvePoint enables data breach risk mitigation by preventing issues from occurring in your M365 environment.
By assigning policies, including pre-configured rules to certain M365 workspaces (including OneDrive for Business, SharePoint Online, M365 Groups, Teams, and M365 users) it will monitor user activities and changes within M365 and generate reports for identified violations and optionally email a summary report daily. It also supports automatically fixing out-of-policy issues. Policies for M365 ensure that all actions and changes remain within the organisation’s defined governance policy and control.
Insights for M365 provides centralised visibility of at-risk data and aggregates access, sensitivity, and activity data across the entire M365 tenant. It helps organisations to prioritise issues based on defined risks, and to assist with fixing permissions, membership, and configuration issues across the M365 workspaces.
Together, Policies & Insights will monitor M365 workspaces to automatically detect, notify, and revert configuration drift or security risks, providing more control over the content, external sharing, and settings. The tenant-wide security reports transform traditional security reporting by adding context and providing the ability to take corrective action while staying in the context of the object that is in breach.
Policies are made up of one or more rules that apply at either the individual service level or tenant level. There are 44 individual service-level rules targeting one or more workspaces within M365. For example:
- Deletion Restriction rule provides control over users and groups that can delete an object in sites
- External Sharing Settings rule enables control over external sharing settings for Groups or Teams
Any changes detected outside these rules will trigger a violation.
Similarly, the Remove Licenses from Inactive Users rule will mitigate the risk of a bad actor in possession of inactive users’ credentials from accessing the M365 workspaces.
At the tenant level, Exchange Online and SharePoint Online/OneDrive rules help mitigate data breach risks by preventing activities and raising violation flags. For example:
- International Spam Prevention prevents email messages that are in specific languages or from specific countries/regions
- Malware Prevention will protect from malware by quarantining email messages where malware is detected
- Tenant-level Site Content External Sharing Settings rule ensures this setting is maintained as per the rule and flagged as a violation if a change is detected
Insights can be used to create Risk Definitions which is a combination of Sensitivity Definition and Exposure Definitions. Microsoft defined Sensitivity Definitions, for example, Australian Financial Data, Australian Privacy Act and U.S. Patriot Act are also leveraged to identify sensitive content. Insights can also leverage the Sensitivity Label assigned to content in M365 workspaces. Once the sensitive content has been determined, it can then be deemed as either a High, Medium, or Low exposure level based on 5 conditions (External Sharing, Anonymous Link, Everyone, Large Azure AD Group and Direct sharing). Sensitivity and Exposure together form the basis to tag an item as either High, Medium, or Low risk.
Medium sensitive content shared beyond the defined number of External users is identified as a High risk item. This risk analysis helps the organisation to take corrective actions like deleting or setting the expiry date on the shared link as an example. An email notification can be configured to trigger daily for any changes to the at-risk items within the organisation. Additionally, administrators can quickly identify risks from the dashboard view and drill down to the at-risk item and proactively take corrective action.
Collectively AvePont Policies & Insights will continuously measure the pulse of the organisation’s M365 tenancy and identify violations and risks helping prevent a data breach along with providing the ability to zero in on violations and at-risk items proactively.
CONCLUSION
In conclusion, AvePoint Policies & Insights is an effective solution for mitigating the risk of data breaches in Microsoft 365. With cloud breaches becoming increasingly common, organisations must take all necessary precautions to protect their data and systems from hackers. Policies & Insights offers a suite of tools that help detect, notify and fix configuration drift or security risks within Microsoft 365 workspaces, and provides centralised visibility of at-risk data. By taking advantage of this toolset, organisations can gain more control over their content, external sharing, and settings, ensuring that all actions and changes remain within the organisation’s defined governance policy and control. To learn more about Managed Policies & Insights and how it can help secure your Microsoft 365 environment, contact us to learn more.
RELATED ARTICLES
Late Night Brew – Exploring the Benefits of AvePoint Pi for Securing SharePoint
Late Night Brew – Securing Microsoft Teams made easy with AvePoint PI
Late Night Brew – Discover the Benefits of AvePoint PI: Securing your Microsoft 365 Environment!
Late Night Brew – Unleashing the Power of AvePoint PI and OneDrive
