How Secure is your O365 Deployment?

Author: David Cornish


At Zimbani, we are seeing more and more customers embracing cloud collaboration services, predominantly Office 365/Azure AD. For many organisations the benefits of Office 365 are making a compelling case for modernised email and collaboration services with companies embracing some or all of the services available. Microsoft state that they have over 100 million commercial Office 365 users and that 80% of Fortune 500 companies are already hosting business data in Office 365, so it’s very clear that we are past the point of early adoption and that this is now becoming the de-facto standard for office productivity.


However, as part of these migrations, organisations sometimes expect that their data, once migrated to Office 365 services, is controlled by default to provide the same level of protection that was in place on their on-premise deployments. In some cases, that may be true, but in other cases the default protections applied may not, on their own, meet their organisation’s needs. Now, the good news! Microsoft have done a great job in providing controls in the Office 365 suite and, while many of these are not switched on or configured by default, we often find that, if correctly leveraged with the right subscription type, these can be applied to bring the risk of using Office 365 within an organisation’s risk appetite. Even better, with some thought and planning, it is often possible to get adequate controls for your data in place using native functions in Office 365 without needing to invest in sometimes costly integrations with other security service providers or products. As such, not only can a well-thought-out set of controls using native capabilities often address risks and vulnerabilities for organisations that have migrated to Office 365, in many cases there is also an opportunity for them to divest other bolt-on security services, rationalising their investment and consolidating their technology footprint.


At Zimbani we have a wealth of experience in helping organisations plan migrations to Office 365. We also assess the security of existing Office 365 deployments and can help you leverage native controls in the Office 365 suite to adequately secure your organisation’s data and harden your tenancy. We can advise on which controls are most relevant to you and your regulators and give you guidance to ‘right size’ your security posture and align to your risk appetite. If and when there is a deficiency in what is offered natively compared to your organisation’s risk appetite, Zimbani are highly skilled at identifying and solutioning additional security controls to fill the gap.


Our Secure Build service enables our clients to:

  • Understand and contextualise the relevant Office 365 security controls for your organisation
  • Understand the current state of your Office 365 security controls and how they line up to your risk profile
  • Prioritise, and if you wish, implement an uplift of your Office 365 security controls to secure your data
  • Report on the state of your Office 365 security controls


Are you considering moving to Office 365? Are you already leveraging Office 365 and want to know that your data is secure? Either way, Zimbani can help and we’d love to speak with you!

Approaches to Securing Decentralised Microservices


A little bit of history first, as microservices architectures (MSA) could be said to be a direct descendant of service-oriented architecture (SOA).

The theory behind SOA largely was correct: avoid ad-hoc application integration by taking a service- or function-centric approach to integration. The objective was to simplify integration complexity via a modular architecture with reusable components.

Then somehow SOA became synonymous with the enterprise service bus (ESB). ESB-centric architecture looks great on paper (and it does make for elegant diagrams!).

Australia’s Most Concerning Security Threat

Phishing identified as Australia’s Most Concerning Security Threat, Survey Reports

Findings show that 89% of Australian IT professionals surveyed have dealt with security incidents originating from deceptive emails, yet nearly half feel unprepared to respond to such threats.


AUSTRALIA – November 16, 2017

Today Zimbani’s partner PhishMe®, the leading provider of human phishing defence solutions, released the results of its Australia Phishing Response Trends Report, which looked at the phishing response strategies of IT security professionals across a variety of industries in the Australia region.

The report highlights that despite technology investments, Australian-based organisations are flooded with suspicious emails targeting employees. 85% of respondents confirmed that they use computer-based training solutions and 66% that they use email gateway filtering to protect against phishing attacks. Yet nearly half of surveyed organisations feel ill-prepared to process and adequately respond to such threats, with the majority highlighting the need for automated phishing analysis.

According to the Ponemon Institute, malicious or criminal attacks account for 48% of data breaches in Australia, with the number of yearly attacks averaging 18,000[1]. In line with phishing response trends emerging from the US and the UK markets, Australian-based organisations claimed to be almost as unprepared to combat phishing attacks despite having dealt with more email-related incidents.


Key Findings

Key findings from the survey include:

  • 89% have dealt with security incidents originating with a deceptive email
  • More than 60% have faced an email threat more than once
  • Over a third of respondents see more than 500 suspicious emails weekly
  • Nearly all respondents have between one and four security layers already in place
  • Email-related threats are Australia’s biggest security concern
  • Over 50% of respondents highlighted technology alone isn’t the answer to phishing
  • 95% of surveyed IT professionals plan to upgrade their phishing response and prevention

“The pervasiveness and sophistication of recent phishing attacks is a testament of how technology alone is not enough to defend against email-based threats,” stated Rohyt Belani, CEO and Co-Founder of PhishMe. “Just as we’ve seen scammers leverage sentiments of fear and curiosity to steal sensitive patient records from Australian medical organisations, modern cyberattacks are crafted based on specific emotional triggers. With computers still unable to detect human emotions and the nuances of interpersonal communication, it is imperative for any organisation to embrace a human-focused approach towards improving cyber resilience.”

The full report is available for download here:


Survey Methodology

This study was commissioned by PhishMe and delivered by Censuswide, an international market survey consultant. Censuswide surveyed one hundred select IT professionals, largely senior decision-makers, on phishing response strategies. The sample represented firms belonging to a variety of industries including business services, high tech, manufacturing, healthcare, financial, retail & wholesale trades, transportation, consumer services and telecommunications. All participants joined voluntarily and no telemarketing techniques were implemented.


1 Source: Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview (https://www-


Zimbani at CIFI 2017

We had a great time at the recent CIFI Security Summit in Sydney. Thanks to our partners NetApp, SafeBreach, Accellion, Vormetric and Trend Micro for getting involved.

Zimbani’s Mark Sayer raised some very interesting points in his presentation, “Cybersecurity ….The opportunity for Innovation and Creativity”. He talked about the current Australian approach to Cybersecurity and appealed to the cyber community to make a difference and rethink how we can foster an ecosystem of cyber innovation in Australia. Harnessing the talent of promising young students, mentoring start ups and lobbying for legislation change were some of his suggestions.

Our stand proved to be a hit with our Top Gear fastest track competition – thanks to everyone who participated and congratulations to Filipe, who took home a 55″ TV for the win.


Zimbani Launches Sydney Office

After a year dipping our toes in the water and great successes with cornerstone clients in Sydney, we are excited to announce Zimbani is launching a NSW office next week. This is part of our 2017 strategy; watch this space for more exciting developments!

