365 Security in 2023

Highlights and security lessons from 2022, and what needs to happen in 2023

 

After years of development, CatchBefore was released early in 2022. A big thank you to the many clients that have joined our journey. Each sign-up represents another organisation prepared to take a positive step and shine a light on an area that, in many cases, they previously had no real understanding of. The demand for security improvements is coming from a broad range of sectors. Our clients include organisations from professional services, construction, manufacturing, not-for-profit, and other areas. No sector is immune from being targeted by those with malicious intent.

What are our biggest take-outs from the year?

  • We have yet to see a client join that has 100% multi-factor authentication (MFA) coverage. In fact, many thought everyone had MFA, only to find that their coverage was dramatically low.
  • Most clients are not aware that there is a raft of other security issues besides MFA.
  • Those that were least convinced that they needed to improve their security often had the largest gaps and needed the most improvements.
  • Information and understanding are critical – unfortunately, a lot of organisations are not aware of the risks that need to be managed and mitigated.
  • Detected attack attempts tend to increase when we are away from work (especially on weekends and major public holiday periods).

What kind of situations has CatchBefore commonly helped with?

  • Improving the security position of clients. The proactive security configuration checks help our clients improve their security score, lowering the risk of an incident.
  • Discovering compromised accounts. We have picked up a number of accounts that had unauthorised logins. This information enabled our clients to take proactive steps to close down weaknesses and prevent a repeat.
  • Discovering almost compromised accounts. CatchBefore has a fantastic feature that helps detect logins where the username and password have been successful, but MFA failed. This situation typically means that the username and password have been compromised, and the only thing stopping a complete account compromise is the MFA feature. In this situation we have been able to guide our clients through the safe change of password.
  • Discovering excess licences and old users. It is not uncommon for clients to have more inactive users than active ones, and in many cases wasted or excess licences. We have hit situations where CatchBefore can almost pay for itself due to excess licence discoveries.
  • Discovering previously forgotten external email forwarders and rules. Some email rules can be ‘malicious’ in nature, deliberately forwarding email and hiding their tracks. Others are meant to be temporary and are then forgotten about. In both situations the result can be email data being silently forwarded outside your organisation without any alert. CatchBefore helps detect mailbox rules, including those that forward to external addresses.
  • Quota issues, where clients are running out of space. Perhaps one of the most easily preventable emergencies. Every service has its storage limits, and it is important to know when your accounts are approaching their capacity. CatchBefore actively monitors and alerts when space is becoming tight.
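
The "password succeeded, MFA failed" check described above can be sketched over sign-in log records as follows. This is an added example, not CatchBefore's own code: the record fields and the result codes 500121 and 0 are assumptions modelled on Microsoft Entra ID sign-in logs, and the sample records are constructed.

```python
import json
from datetime import datetime, timedelta

# Assumed result codes, modelled on Entra ID sign-in logs; verify before use.
MFA_FAILED = 500121   # password accepted, second factor failed or was denied
SUCCESS = 0           # 50126 (bad password) is deliberately ignored

# Constructed sample records (documentation IPs, example.org users), UTC.
SAMPLE_LOG = """
{"createdDateTime":"2023-01-07T02:14:05Z","userPrincipalName":"alice@example.org","ipAddress":"203.0.113.50","status":{"errorCode":500121}}
{"createdDateTime":"2023-01-07T02:15:40Z","userPrincipalName":"alice@example.org","ipAddress":"203.0.113.50","status":{"errorCode":500121}}
{"createdDateTime":"2023-01-09T09:01:10Z","userPrincipalName":"bob@example.org","ipAddress":"198.51.100.7","status":{"errorCode":500121}}
{"createdDateTime":"2023-01-09T09:02:30Z","userPrincipalName":"bob@example.org","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2023-01-09T10:00:00Z","userPrincipalName":"carol@example.org","ipAddress":"203.0.113.50","status":{"errorCode":50126}}
{"createdDateTime":"2023-01-10T08:03:00Z","userPrincipalName":"dave@example.org","ipAddress":"192.0.2.44","status":{"errorCode":500121}}
{"createdDateTime":"2023-01-10T08:05:00Z","userPrincipalName":"dave@example.org","ipAddress":"198.51.100.9","status":{"errorCode":0}}
"""

def parse(text):
    """Turn JSON-lines sign-in records into time-ordered event dicts."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        r = json.loads(line)
        t = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"time": t, "user": r["userPrincipalName"].lower(),
                       "ip": r["ipAddress"], "code": r["status"]["errorCode"]})
    return sorted(events, key=lambda e: e["time"])

def password_ok_mfa_failed(events, grace=timedelta(minutes=10)):
    """Per user: MFA failures not followed by a success from the same IP."""
    findings = {}
    for i, e in enumerate(events):
        if e["code"] != MFA_FAILED:
            continue
        # A user who mistyped a code normally succeeds from the same IP soon after.
        recovered = any(
            n["user"] == e["user"] and n["ip"] == e["ip"]
            and n["code"] == SUCCESS and n["time"] - e["time"] <= grace
            for n in events[i + 1:])
        if not recovered:
            f = findings.setdefault(e["user"], {"count": 0, "ips": set(), "weekend": False})
            f["count"] += 1
            f["ips"].add(e["ip"])
            f["weekend"] |= e["time"].weekday() >= 5   # Saturday or Sunday (UTC)
    return findings

if __name__ == "__main__":
    for user, f in password_ok_mfa_failed(parse(SAMPLE_LOG)).items():
        print(user, f)
```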

What is in store for CatchBefore and 365 security in 2023?
Additional features and checks are in the development stage. CatchBefore plans to release enhancements during 2023. In addition to the planned improvements, we will continue to monitor the evolving threat landscape.
