Researchers from CoreView recently discovered that 97% of all Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not have MFA security enabled.
In the detailed report, CoreView Research shed some light on security issues with the implementation of Microsoft's subscription service.
“This is a huge security risk – particularly during a time where the majority of employees are remote – that IT departments must acknowledge and address in order to effectively deter cyberattacks and strengthen their organization’s security posture,” according to the report, released last week.
Microsoft 365 accounts are a gold mine for the bad guys who are looking for organization data. Cybercriminals typically use these accounts for phishing or spear phishing attacks, credential stuffing, or domain spoofing. Multi-factor authentication can help companies reduce, and in some cases significantly reduce, particular computer security risks, but most of the attacks that could be successful against single-factor authentication can also be successful against MFA solutions.
Security issues and attacks using Microsoft 365 have only gotten worse. In September of this year, Threatpost reported on bugs in the MFA system that made it possible for hackers to bypass the security system, and on another phishing attack that used a new technique of calling APIs to validate victims' Office 365 credentials.
As a takeaway, multi-factor authentication should not be your only form of defense. New-school security awareness training can ensure your users understand specific mechanisms of social engineering or phishing techniques and can apply this knowledge as they continue to work in a remote environment.
Threatpost has the full story.