Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you’re like many organizations that have heavily invested in Microsoft 365, you may be considering, or already attempting, to use SharePoint Online as your company file server. After all, it’s “free” since it’s included in the service, right? While Microsoft has made improvements on the front-end with OneDrive for Business and Teams, there are still many challenges and hidden costs associated with using SharePoint as your primary company file system.

Despite the tight security services provided by Microsoft, we know how frequently SMEs' Office 365 is breached, either intentionally by hackers or inadvertently by carelessness. In such a scenario, it makes us wonder, can we fully trust Microsoft to protect us from mal actors in 2022?? The simple answer is yes. The complicated answer is: Microsoft is as secure as WE configure it. Does that make you uneasy?

In 2005, a new market emerged when Gartner coined the term "SIEM" OR Security and Information Event Management. Back then, it was a legacy system aggregating event data produced by security devices, systems, network infrastructures and applications. However, it lacked monitoring functionality and was limited to vertical scalability.

The JFrog DevOps Platform is your mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on-track to deliver production-quality releases.

In January 2022, Microsoft announced that Excel 4.0 macros would be restricted by default, to protect users from malicious macros. In February 2022, Microsoft announced that VBA macros would also be blocked for files downloaded from the internet. Cybersecurity professionals and enthusiasts rejoiced at the news! Malicious Office documents were running rampant. Attackers abused Microsoft Office macros to deliver BazarLoader and Trickbot, and remote access trojans like AveMaria and AgentTesla.

Speaking with clients, I find one of the biggest issues they struggle with how to properly secure Guest access in Microsoft 365 applications. While many organizations had already begun outsourcing their email to M365, most had really only begun looking at the rest of the M365 offering (Teams, SharePoint Online and OneDrive) when COVID hit. Most organizations wound up diving headfirst into this offering in an attempt to deal with the sudden need to work and collaborate with colleagues from home.

In April 2022, Netskope Threat Labs analyzed an Emotet campaign that was using LNK files instead of Microsoft Office documents, likely as a response to the protections launched by Microsoft in 2022 to mitigate attacks via Excel 4.0 (XLM) and VBA macros.

Cybersecurity has become an important topic for the defense supply chain. The ever-increasing number of digital channels that data can be exchanged through, has exponentially increased the risk of data breaches and leaks. This puts a lot of pressure on these organizations to ensure that the risks associated with the handling of sensitive data are as low as possible.

Ever since the pandemic had set in, the entire cybersecurity landscape has undergone a vast change. The Covid-19 crisis has forced organizations and CISOs to adapt to sudden, unprecedented, and until now unforeseen challenges. Remote working has become the “New Normal”. The remote working culture will stay long after the pandemic has gone. The shifting of offices to home has made it easier for hackers to target personal networks rather than the well-protected office networks.