In our most recent report, Cybersecurity experts' views on email risk within Microsoft 365, we identify security risks that Microsoft 365 users face. We spoke with three experts to gain insights into some of Microsoft 365's key email security strengths and weaknesses. This article features some key quotes from the report from Lisa Forte, Co-founder, Red Goat Cyber Security LLP; Robin Bell, CISO, Egress Software Technologies; and Jack Chapman, VP of Threat Intelligence, Egress Software Technologies.

Findings from our recent report, Fighting phishing: the IT leader's view, reveal that 98% of the companies surveyed conducted some form of cybersecurity training over the past 12 months. Yet, despite these efforts, employees keep falling for phishing attacks. Our research shows that 84% of the organizations we surveyed last year were phishing victims – a 15% increase from our 2021 report, The real and rising risk of phishing.

Over the last few years, Microsoft 365 has significantly enhanced its native security capabilities. Today, it offers a solid foundation of protection from advanced attacks, making it a popular choice for organizations. However, security threats are advancing rapidly, and Microsoft 365 still has some points of weakness that are leaving users vulnerable. Cybersecurity experts' views on email risk within Microsoft 365 is our most recent report identifying the security risks its users face.

Thanks to social media, online publications, and 24-hour news channels, we’ve never been more hooked into the news cycle. Whether you want to see them or not, the headlines are never far from your eyes and ears. Cybercriminals can weaponize this to their advantage and tailor their phishing attacks to coincide with topical news stories.

The last 24 months has seen a steady stream of media attention relating to attacks on the supply chain. The impact is real, as is the cost. We have watched both big name security like SolarWinds and open source such as log4js serve as targets with devastating effects. Quite often the methods used have anecdotally relied on technical means and to a lesser degree social engineering.

Our threat intelligence have shared several threats they’ve uncovered through monitoring our B2B platform, in our recent report: Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a rise in sextortion emails using fake threats to blackmail people into paying cryptocurrency ransoms.

The RSA Conference has been a key date on the IT security calendar for 31 years, billing itself as the place ‘where the world talks security’. After being forced into a virtual event last year due to the pandemic, RSAC was back live in 2022 for a face-to-face event at the Moscone Center in San Francisco. This year’s event welcomed around 26,000 attendees, over 600 speakers, and more than 400 exhibitors. So how did a face-to-face RSAC 2022 stack up after the virtual event in 2021?

Our threat intelligence recently shared several threats they’ve uncovered through monitoring our B2B platform, in our recent report: Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a group of phishing emails impersonating Ukrainian charitable appeals – specifically those requesting cryptocurrency donations.

Taking proactive measures is critical to any aspect of a strong cybersecurity strategy. And today, the need for a robust incident response plan has never been greater. As more and more companies embrace remote work, we see an influx of personal devices on the corporate network. As a result, the potential attack surface expands while endpoint visibility is significantly reduced.

It's natural for tension between the cybersecurity team and internal stakeholders to exist. As the administrator, you play a crucial role in ensuring the network's security, protecting against unauthorized access, and troubleshooting any access issues. But trying to keep people both secure and productive can be challenging. Ultimately, you want to protect critical data without making your colleagues' jobs more difficult.