Microsoft 365 users may be overestimating platform’s security, survey warns

While some users tend to overestimate the levels of protection provided by Microsoft’s flagship productivity platform, others are concerned about activating too many in-built features in case it results in a complex security management overhead that they don’t have the resources to maintain, leading to misconfiguration vulnerabilities.

A global survey of more than 800 IT professionals by email cloud security and backup provider Hornetsecurity, launched this week at Infosecurity Europe 2022, also found that approximately 63 per cent of respondents indicated that the main roadblock to implementing security features within their organisation is not enough time or resources.

“There could be multiple issues at play in the survey results,” said Andy Syrewicze, technical evangelist at Hornetsecurity. “Making use of more Microsoft 365 security features may contribute to a false sense of security within a user organisation. This could lead it to stop paying close attention to potential security threats, in the belief that all these features will keep them safe without having to make additional active effort.”

Sixty-two per cent of IT professionals polled indicated that not enough time or resources is their main roadblock to implementing security features. Respondents further cited a lack of budget (44.6 per cent), skilling issues and/or a lack of knowledge (36.2 per cent) and a lack of interest from management (23.1 per cent).

The Hornetsecurity survey findings also indicated a general lack of urgency around IT security within organisations. For example, just over half of all respondents (55.5 per cent) reported that their organisation does not have a change tracking and review process in place – vital tools for the identification of security threats, according to Syrewicze.

“What’s behind this lack of urgency is not altogether clear, but post-pandemic lethargy is probably part of it,” says Syrewicze. “There are also indications that medium-sized businesses are being slow in scaling up their IT security to meet increases in threat levels.

“They’re failing to recognise that, as their businesses grow, they will become more attractive targets for cyber attackers.”

A number of firms have also used Infosecurity Europe 2022 to address specific aspects of the modern cyber-security scene, including the predilection of executive boards at many companies to only approve IT security spending after they have been victims of a cyber attack and the necessity for organisations of all sizes to properly appraise and protect the totality of their data assets.