Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/12/2017
02:10 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Security No. 1 Inhibitor to Microsoft Office 365 Adoption

More businesses are switching to Office 365 despite fear of social engineering and ransomware attacks, but some remain wary.

Security is the primary reason businesses are hesitant to switch to the cloud-based Microsoft Office 365, but adoption continues to grow despite fears of spearphishing and ransomware attacks.

In April 2017, data protection firm Barracuda Networks polled 1,100+ organizations to learn about the trends around Office 365 adoption and usage, including the factors and concerns customers face when deciding whether to migrate or stick with their existing business software platform.

Results say adoption is increasing overall. Researchers found 63% of respondents currently use Office 365 and among the remaining respondents, some 49% plan to migrate to it. This marks a 20% jump from a similar study in 2016, when 42% of businesses surveyed were using Office 365.

"The cost and complexity of running on-premise datacenters is at a point where the cloud offers some very compelling benefits," says Sanjay Ramnath, vice president of security products and business strategy at Barracuda. "There's a combination of things that is in some cases enticing, in some cases forcing, users to move to the cloud."

Security concerns are the top inhibitor for 44% of businesses deciding against Office 365, primarily because of email-based threats like phishing, spearphishing, and ransomware. Exchange Online is the most commonly used tool in Office 365, with 87.3% usage, followed by OneDrive for Business (70.9%), and SharePoint Online (56.8%).

Other reasons for not adopting Office 365 include having a "no cloud" policy (32%), lack of budget (38.4%), and hassle of migration (30.4%). While the transition from traditional Microsoft Office to Office 365 is "nearly transparent," researchers say, it takes a lot of time and effort to shift resources, processes, and workloads, which affects security, compliance, and backups.

The fear of advanced threats extends to current Office 365 users as well, says Ramnath. More than three-quarters of those planning to migrate were concerned about advanced threats, but so were 70% of people currently on the platform. An overwhelming majority (89%) of those surveyed are worried about phishing, spearphishing, and social engineering attacks.

Ransomware came up in almost every conversation with respondents, he reports. Overall, more than 92% are worried about ransomware, and more than 47% report they have been victim of a ransomware attack. Of those victims, 76% report email was the threat vector.

"Adoption is growing but there are barriers to Office 365," Ramnath explains. "The biggest were around the need for the right level of security and right level of control."

Despite their concern, only 15.6% of respondents use Office 365 Advanced Threat Protection (ATP), reporting doubts about the effectiveness of native security and other features in Office 365. Most don't believe these features will protect them from advanced threats.

However, this doesn't mean they seek alternative tools to protect themselves. Less than 36% of respondents report using a third-party tool to lessen the threats of phishing, spearphishing, and social engineering, researchers found.

Only 8.5% of respondents have set up Domain-based Message Authentication, Reporting & Conformance (DMARC), standards-based protocols that can cut the risk of phishing and social engineering threats. Nearly 40% have set up DomainKeys Identified Mail/Sender Policy Framework (DKIM/SPF), but more than half (52.5%) have done neither.

Most (70%) train employees on how to recognize and avoid these threats but only about 19% use a third party to conduct this training. "Training can only get you so far," says Ramnath. "You need a combination of training, and technology to protect yourself."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15505
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2020-15506
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE-2020-15507
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
CVE-2020-15096
PUBLISHED: 2020-07-07
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affecte...
CVE-2020-4075
PUBLISHED: 2020-07-07
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not ...