The Art of Defense: Security and Microsoft Exchange Online

The Art of Defense: Security and Microsoft Exchange Online

©2015 Osterman Research, Inc.

Phishing is a Critical Issue

• 45% of decision makers and influencers consider phishing attacks to be a serious or very concern

• 44% are this concerned about employees clicking on links within email that will download malware

• 39% are this concerned about breaches of sensitive customer data

• 37% are this concerned about breaches of sensitive internal data

Phishing is the single greatest threat to any organization because the potential losses of finances or data are so enormous.


The breach of 40 million customers’ information at Target began with a single phishing email to an HVAC

contractor.


What Happened During the Past 12 Months?


During the past 12 months, the average organization has been

infiltrated by malware or been the victim of a hacking incident 16.5 times

because an employee clicked on a phishing link or attachment.


Security is Not Improving as it Should Be

• Phishing– For 46% of organizations, the problem is not getting better over time– For 33%, it’s getting worse

• Malware blocking– For 48%, the problem is not getting better over time– For 13%, it’s getting worse

• Web threats blocking– For 51%, the problem is not getting better over time– For 13%, it’s getting worse

Security customers are making major investments in security solutions that are just not working as effectively as they should, particularly for phishing.


Why is the Phishing Problem Getting Worse?

• Cybercriminals are smart and well funded

• Users are not sufficiently skeptical about content they receive in email and through other channels

• Users are not well trained about watching for phishing attempts– Only 22% of decision makers and influencers feel that their organizations are “good”

or “excellent” when it comes to training end users on detecting and dealing with phishing threats

– One in eight employees is never trained on security awareness

• Anti-phishing solutions are inadequate– Only 28% rate their organizations “good” or “excellent” for eliminating phishing

attempts before they reach end users

• Lack of separation of phishing emails from other quarantined content©2015 Osterman Research, Inc.

On a scale of 0 to 100, decision makers and influencers give their

organizations an average of “50” in terms of how confident they are that employees will not click on a phishing

link or attachment.


The Growing Impact of Office 365


Plans for Migrating to Office 365Among organizations that have not ruled out a migration to Office 365


Environments Will Not be Simple

• Small organizations can migrate to Office 365 without many problems

• Mid-sized and large organizations cannot

• Many organizations will need to maintain hybrid environments of on-premises Exchange and Office 365– Legacy applications– Legacy systems that rely on email for content transport– Email-generating applications– Regulatory obligations– Legal obligations– Bandwidth efficiency

Larger organizations will need to maintain hybrid environments that are not easily integrated, and for which security will be much more difficult.


Important Questions to Ask

• How vulnerable is our organization to phishing attempts?

• How will we train employees about phishing as the first line of defense to deal with this threat?

• Will the security capabilities in Office 365 be sufficient to stop phishing and other security threats?

• How will security and, in particular, anti-phishing capabilities be implemented in hybrid Office 365/Exchange environments?


Osterman Research, Inc.+1 253 630 5839+1 206 905 1010info@ostermanresearch.comwww.ostermanresearch.comostermanresearch.wordpress.commosterman

For More Information


Technology

The Art of Defense: Security and Microsoft Exchange Online