Why Backups Are Critical for Response
The large number of organizations using Office 365 has kept the attention of cybercriminals everywhere. Like malware creators, cybercriminals study Office 365, considering how to use its means of access, authentication, and functionality in ways that help their malicious campaigns.
In most cases, the logical response is to shore up security controls to stop scams and attacks from succeeding. You should also be thinking about backups of Office 365 as a means of helping to remediate any successful attack.
Here are three reasons why.
You’ll (Possibly) Never Know They Were There
There are plenty of examples where a user’s mailbox is the focus of an attack and is used to send out emails that further spread malware, commit fraud, or carry out various social engineering scams. Tracks are covered using bots that monitor the mailbox or using rules that are later deleted. Depending on how the attackers get access to a mailbox (credential theft and application access are the two methods today), it’s plausible to see a scenario where the owner of the mailbox has no idea anything is going on.
Be Aware of Malware
Despite the covering of tracks, you can’t simply assume the mailbox is clean. Messages in Sent Items containing malware could still exist. Imagine the mailbox owner, months from now, looking for something they sent months ago, seeing an email they sent, having no idea what the attachment is, clicking on it, and potentially infecting their machine. It’s necessary to ensure the mailbox contents are restored to a point in time prior to the compromise.
They Can Use Office 365 as an Asset for Future Campaigns
Sometimes the goal isn’t necessarily to ravage an Office 365 instance looking for viable data to steal. Instead, some cybercriminals take advantage of the credibility established by Office 365 to lower the defenses of security toolsets that pay attention to the domains used in an attack. By placing files with malicious scripting, links, etc. onto SharePoint Online or OneDrive and sharing them, phishing attacks can use the shared links to deliver “malwareless” phishing attacks (that is, no malicious files exist within the phishing email itself), and security solutions allow the link to be followed because the file resides in Office 365.
Know Your Backup Plan
Should a cybercriminal place files into one of your file repositories in Office 365, how are you supposed to know which ones are the bad ones? If you aren’t certain of a date when the account with access to the repository was compromised (and remember, a cybercriminal remains undetected for a median time of 146 days!), you’re going to need to simply restore that folder, document library, etc. to return it to a safe state.
Cybercrime is Evolving as Office 365 is Becoming More Robust
As Microsoft develops online tools like PowerApps, integrations into Teams and other services to facilitate automated sharing of data and performing of tasks, Office 365 in some ways becomes an “operating environment” in which cybercriminals will look for ways to take advantage. With the three primary attacks being to either gain access to steal your data, hold it for ransom, or commit fraud via email, it’s evident that Office 365 has everything a cybercriminal could want.
Responding with Backups
In this case, backups are used to take a proactive stance. With backups of your data in place, as Office 365 expands its backup capabilities and vendors update solutions to expand what can be backed up, you are already prepared to maintain needed copies of your data should they become the target of an attack.
Using Backups as a Cyberthreat Response Tool
The cleanup after an attack can be brutal for IT and for affected users. With no insight into what data has been touched, modified, or weaponized, it’s necessary to be able to restore clean versions of the data you keep in Office 365. Maintaining backups of your Office 365 data isn’t just about data loss or user error; it’s a matter of ensuring a secure environment.