78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication

Despite the risk of phishing attacks and email account compromises, 78% of Microsoft 365 admins have not enabled multi-factor authentication and 97% of all Microsoft 365 users are not using MFA, according to a recent report published by CoreView Research.

Multi-factor authentication is one of the most effective measures to prevent stolen credentials from being used to gain access to accounts. It is alarming that so few users and admins have enabled MFA, especially during the pandemic when there are large numbers of employees working remotely and when those remote workers are being actively targeted by cybercriminals.

In an August 30, 2020 blog post, Microsoft explained that there are around 300 million attempted fraudulent sign-ins on its cloud services every day. Should any attack succeed it could easily result in a costly data breach. Microsoft explained in the blog post that multi-factor authentication is the single most effective measure to implement to block attacks on accounts, with MFA blocking in excess of 99.9% of attacks on accounts.

Microsoft 365 accounts are actively targeted by phishers and other cybercriminals. Credentials can be stolen using simple phishing emails or automated brute force tactics can be used to guess weak passwords. Microsoft 365 accounts often contain a treasure trove of sensitive data and email accounts can be used to conduct further attacks on the organizations and its business contacts. Many major data breaches have started with a single compromised Microsoft 365 account.

The lack of this basic protection was not the only security issue uncovered by the researchers. 57% of global organizations were found to have given their administrators excessive controls, which gives them access to a considerable amount of sensitive data. The excessive permissions increase the risks associated with insider threats and, if administrator credentials are compromised, gives attackers access to a huge amount of highly sensitive data.

The researchers also found organizations had invested heavily in productivity enhancing applications but had failed to fully assess the security risks associated with those applications. Many of the applications posed a considerable security risk to the organization and had often been implemented without the knowledge of the IT department.

“In today’s modern work environment, where supporting remote work is a must, CoreView’s data indicates that the missing ingredient in deploying and using M365 effectively is often data governance, application security and Shadow IT oversight,” explained the researchers. “Enterprises must ensure they have the processes and tools, including CoreView, to help securely migrate and operate the world’s leading SaaS productivity platform.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news