Before we jump into the article, let’s chat about ransomware and how it affects you if you’re an IT admin for a company or, if you are an IT consultant, your customers. Let’s face it, many turn a blind eye to ransomware because they think, “It won’t happen to me.” The reality is that more and more companies and customers are being hit by these attacks and have to either fork out large chunks of money to the hackers. Or the third-party companies helping them recover charge them as much or more. Ransomware not only affects big corporations — smaller businesses are targets, too. How do these attacks begin? Typically, you receive an email that looks like it came from a genuine organization or person, and you click the included link. Or you get a phone call from an imposter saying they need access to your machine and in a couple of minutes, everything starts going wrong. And another problem: Many believe because they have Microsoft 365, they are protected from ransomware. Yes, Microsoft does have some built-in protections. But the onus for protecting your accounts ultimately falls on you.
Microsoft 365 and ransomware: Just how secure are you?
Security is not only for on-premises servers and applications. It is of utmost importance also for everything you run in the cloud as well. Are you ensuring you and your customers are secure? Are you advising them to upgrade older Windows versions or ensuring they are patch compliant? Are you checking that external access to systems is locked down? Is RDP disabled? There are many more questions, but you get the gist of it. Most important of all — are your Microsoft Cloud Solution Providers (CSP) protected from ransomware? What does this mean for the security of your Microsoft 365 account?
In a previous article, we briefly chatted about FileWall and its benefits, but in today’s article we’ll have more insight into this.
Microsoft’s move over the past few years from on-premises solutions to the cloud has been a bonanza for the company and its partners. This shift is exemplified by Microsoft 365, which has evolved from a box product to software-as-a-service that is now sold, deployed, and managed by an ecosystem of more than 90,000 Microsoft CSPs. Today more than ever, customers for Microsoft 365 for Business are dependent on their partners to continuously manage their infrastructure and protect them against cybersecurity threats. It is no secret that ransomware attacks are on the rise, targeting and crippling many SMBs. What is less known is that ransomware gangs are targeting Microsoft CSPs to not only attack these businesses but as a gateway to reach their customers. A successful penetration on a Microsoft CSP can easily mushroom into a ransomware threat for hundreds of businesses. As an SMB, what can you do to ensure you and your Microsoft partners are properly protected?
Exchange Online Protection: Is this enough?
First, it is important to point out that most ransomware attacks originate from emails that contain suspicious links or attachments. Microsoft has invested heavily in the security of its products and includes Exchange Online Protection (protects your email against spam, malware, and known threats such as ransomware) in all of its Microsoft 365 plans. For most SMBs and CSPs, this is the only protection they have. The question we need to ask is, “Is this enough?” What about unknown threats and malware within email attachments that are not covered by EOP? Microsoft offers another layer of security called ATP (Advanced Threat Protection), which is only available in Microsoft 365 Business Premium & E5. This includes two very important security products — Safe Links and Safe Attachments. If configured properly, it safeguards the scenario of opening suspicious links and attachments that have made it to your inbox by first opening them in a sandbox environment. Then, if deemed safe, you can access it from your email. While these solutions are very valuable, they need to be configured properly to be effective, and they have an impact on performance. In fact, we hear of many customers turning off Safe Attachments because of the disruption to their email service. This leaves a large number of Microsoft customers exposed to threats generated from email attachments.
To help mitigate this attack vector and to better protect SMBs from ransomware originating in email attachments, a cybersecurity company in Israel that specializes in protecting large enterprises from unknown malware threats has developed the first native security app for Microsoft 365 Mail (Exchange Online). Leveraging a proven technology called CDR (content disarm and reconstruction), odix has launched FileWall exclusively through the Microsoft marketplaces. Priced at $1 per user per month, and free for Microsoft CSPs, FileWall offers strong protection against unknown malware threats in email attachments with minimal impact on email performance. Deployment is done in a few clicks, and the Exchange Online/Microsoft 365 administrator now has complete visibility and control over the policy and usage of email attachments within the organization.
In the short time that FileWall has been available in the market, it has already garnered strong accolades from its users, as evidenced by the reviews on Microsoft AppSource. Even more important are the recent threats that have bypassed Microsoft’s EOP and ATP and have been caught by FileWall, as you can see here, here, and here.
With the holidays and the end of the year approaching, suspicious email attachments are on the rise. To ensure that Microsoft CSPs can handle these threats and safeguard themselves and their customers from ransomware attacks odix has launched a free FileWall NFR program that includes step-by-step deployment help.
Featured image: Freerange Stock