Microsoft’s subscription service, Office 365, has been very successful. Business subscriptions are up (20 per cent last year), while revenues have overtaken those of traditional long-form licensing models.
New Computing research, now available in a white paper, shows that 95 per cent of respondents (170 UK IT decision makers) have already migrated to Office 365. However, more than 70 per cent lacked full confidence in the service’s security measures, which is preventing larger-scale migration.
Respondents said that complexity of hybrid cloud migration and portability of data were both top concerns preventing their organisation from fully adopting Office 365; but security was by far the most widely-shared factor, cited by more than 56 per cent of IT leaders.
In something of a surprise result, considering the proliferation of damaging attacks last year, ransomware was feared less than general malware, viruses and Trojans. It is still a significant threat for the future, though.
The majority of malware – 90 per cent – is still delivered through email. Three-quarters of organisations said that they had experienced an email-based attack in the last two years, and 41 per cent fending off multiple attempts. Further, almost 80 per cent expect to fall victim to email fraud in the coming year.
Office 365 is not itself to blame for the weaknesses in email security that cyber criminals are exploiting, although it is a large and growing target – and, as mentioned above, confidence in the service’s security features is lacking.
Fewer than 30 per cent of respondents said that they believed Office 365’s security to be adequate, while most (56 per cent) sat on the fence with a “Maybe”. 14 per cent thought that their defences were not up to the job.
On top of these findings, there is considerable confusion about what an Office 365 subscription provides in terms of security. A standard subscription to Exchange Online provides spam filters and malware protection, although it is basic, relying on traditional anti-virus scanning tools. This makes it useful against conventional threats, but lacking against contemporary attacks like social engineering.
Around a quarter of respondents believed that any Office 365 subscription protects them against phishing (not true), and 27 per cent that it blocks ransomware (dependent on the form of attack and level of subscription).
The disconnect between belief and reality means that many of our respondents may be running unnecessary risks with their cyber security.