Elimination of e-mail security incidents with using Microsoft 365 and how others are doing it
Microsoft was the number one impersonated brand in phishing attacks in 2019—thanks to Office 365. A multisystem platform, Office 365, now Microsoft 365, combines email, file storage, collaboration, and productivity applications, including OneDrive and SharePoint. Together, they represent a wealth of sensitive data and files that phishers are looking to exploit.
According to a 2017 Ponemon report, respondents reported that 52 percent of their organization’s sensitive or confidential data is stored in SharePoint. Whether corporate trade secrets or financial information, SharePoint houses business-critical data that, if exposed, could cause irreparable damage. With a single set of legitimate Office 365 credentials, a hacker can move on to phase two of the attack: spear phishing, which is ultimately about the financial payout. Moving freely within Office 365, the hacker can impersonate employees to request wire transfers and gift cards, demand ransoms, and more. Moreover, they’re able to acquire more Office 365 credentials and spread across other organizations.
How KVC Health Systems secured Microsoft 365
KVC Health Systems is a private, nonprofit organization with 35 locations across Kansas City, Kentucky, Missouri, Nebraska, and West Virginia. Employing 1,600 staff and supporting 63,000 children and families across five states, KVC Health Systems recognized that it was an attractive target for cybercriminals. “Healthcare data has the highest revenue on the open market,” said Erik Nyberg, Vice President of IT at KVC. “It would be detrimental to our reputation—if not our organization—if we had a leakage of that information.”
In addition to garden variety phishing emails, KVC received extremely sophisticated, targeted phishing and spear phishing emails that were engineered to appeal to employees in the organization. Despite using a variety of email security products over the years, no solution had a catch rate sufficient to protect Microsoft 365. “I’ve never been happy with an email security solution,” said Nyberg. “Something that stops 80% of bullets just isn’t enough.”
Serching for a solution
KVC knew they needed a new solution, but they weren’t convinced there was an email security product on the market that could significantly improve protection for Microsoft 365. Vade Secure for Microsoft 365’s anti-phishing technology uses artificial intelligence, including machine learning (supervised and unsupervised) and deep learning (computer vision), to crawl URLs and webpages in real-time. Analyzing the origin, content, and context of emails and webpages, machine learning models recognize sophisticated obfuscation techniques that cybercriminals use to bypass email filters, including creating URL aliases with shorteners, redirecting legitimate webpages to phishing pages, modifying brand logos, and spoofing email addresses. To block spear phishing attacks, unsupervised anomaly detection and natural language processing identify patterns and anomalies common in spear phishing emails, warning the user with a customizable banner.
Vade Secure for Microsoft 365 catches a large volume of emails that bypass native Microsoft 365 email security. Over a three month period in 2019, Vade detected nearly 5,600 email threats EOP missed. Another motivating factor for adopting the product was the native integration with Microsoft 365 and the ease of deployment, including the quick setup and the simple interface. “We definitely like the simplicity of Vade on the IT side,” Nyberg said. “Going through the Microsoft 365 admin to whitelist or blacklist something is an extremely painful, 10–15 minute process. With Vade it’s five seconds. Vade is 90 percent more simple than using Microsoft 365.”
Finally, in the nine months since deploying Vade Secure for Microsoft 365, KVC hasn’t’ experienced a serious email attack that affected the organization.