According to a recent paper from the SANS Software Security Institute, the most common vulnerabilities include:
- Business email compromise, where an attacker gains access to a corporate email account, such as through phishing or spoofing, and uses it to exploit the system and steal money. Accounts that are protected with only a password are easy targets.
- Legacy protocols can create a major vulnerability because applications that use basic protocols, such as SMTP, were not designed to manage Multi-Factor Authentication (MFA). So even if you require MFA for most use cases, attackers will search for opportunities to use outdated browsers or email applications to force the use of less secure protocols.
- Password reuse, where password spray and credential stuffing attacks come into play. Common passwords and credentials compromised by attackers in public breaches are used against corporate accounts to try to gain access. Considering that up to 73 percent of passwords are duplicates, this has been a successful strategy for many attackers and it’s easy to do.
You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing. However, one of the best things you can do is to just turn on Multi-Factor Authentication (MFA).
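
The password spray and legacy protocol problems described above both leave traces in sign-in logs. The following Python example is added here for illustration and is not taken from the SANS paper or from our service tooling. The log layout, protocol labels, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (not real data): time, source IP, account, protocol, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 203.0.113.7 alice@example.com IMAP failure
2024-05-01T09:00:40Z 203.0.113.7 bob@example.com IMAP failure
2024-05-01T09:01:15Z 203.0.113.7 carol@example.com IMAP success
2024-05-01T09:01:50Z 203.0.113.7 dave@example.com IMAP failure
2024-05-01T09:02:30Z 203.0.113.7 erin@example.com IMAP failure
2024-05-01T09:05:00Z 198.51.100.20 bob@example.com HTTPS failure
2024-05-01T09:05:20Z 198.51.100.20 bob@example.com HTTPS failure
2024-05-01T09:05:45Z 198.51.100.20 bob@example.com HTTPS success
2024-05-01T09:10:00Z 192.0.2.10 alice@example.com HTTPS success
"""

# Assumption: protocol labels as they appear in this constructed log.
LEGACY_PROTOCOLS = {"IMAP", "POP3", "SMTP"}

def parse(log):
    """Turn whitespace-separated log lines into event dictionaries."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, proto, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "ip": ip, "user": user, "proto": proto, "ok": result == "success"})
    return events

def legacy_successes(events):
    """Accounts that signed in over a protocol that cannot prompt for MFA."""
    return sorted({(e["user"], e["proto"]) for e in events
                   if e["ok"] and e["proto"] in LEGACY_PROTOCOLS})

def spray_sources(events, min_accounts=4, window=timedelta(minutes=30)):
    """Source IPs with failures against many distinct accounts inside one window."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[e["ip"]].append((e["ts"], e["user"]))
    flagged = []
    for ip, attempts in fails.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            # Count distinct accounts that failed within the window starting here.
            if len({u for t, u in attempts[i:] if t - start <= window}) >= min_accounts:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("spray sources:", spray_sources(events))
    print("legacy sign-ins to review:", legacy_successes(events))
```

A single user mistyping their own password (the second source in the sample) is not flagged, because the check counts distinct accounts per source rather than total failures.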
We highly recommend the use of strong passwords using a password generator such as this.
Business 365 legacy authentication methods will be turned off by default as part of our managed service offering to you.
MFA should be enabled wherever possible; a handy guide is available here.
Get in touch today to see how we can help.