Tips to Prevent Office 365 Data Loss as a Result of Ransomware

Over the past year, the number and sophistication of ransomware attacks have skyrocketed. According to a Global Ransomware Study from SentinelOne, more than half (56%) of businesses surveyed suffered ransomware attacks in the last 12 months. Companies experienced, on average, five ransomware attacks during the same period.

Ransomware attacks are not cheap. The report revealed that these kinds of attacks are costing individual businesses an average of $833,716.53 per annum. These costs are incurred as a result of damage and/or data loss, downtime and lost productivity, ransom (if the organization decides to pay the hacker), forensic investigation, and restoration and deletion of hostage data and systems. Not to mention the potentially irreparable damage to a brand and its reputation.

When it comes to the effort behind these attacks, hackers are taking the easy route. According to the Microsoft Security Intelligence Report Volume 23, ransomware hackers have been targeting what they consider “low-hanging fruit,” such as SaaS apps used by organizations.

While Microsoft products and services have been targeted by hackers for decades, now that Office 365 has become one of the company's fastest-growing revenue streams, it has become a primary target for ransomware. With such great risk for data loss at the hands of hackers, it's important to be proactive and think holistically in order to protect your Office 365 data from a ransomware attack. Here are three steps that you can follow to make sure your data is protected.

Step One: Know What You're Up Against

The first step to protecting your data is knowing what you're up against. When you look at it from a high level, there are typically three main components to most ransomware attacks: find a way in, land and expand, and encrypt and ransom.

  1. Finding a way in: The first component requires tricking an end user into opening an email that contains ransomware and executes malicious code. Ransomware will masquerade as links to software updates or as macros and will commonly exploit a software vulnerability, leverage scripting or APIs as entrance points or compromise a user's password or PII to find a way into your organization.
  2. Land and expand: Once a breach has occurred, ransomware is built to expand quickly and lock down as much of your system as possible. Ransomware can be programmed to search for critical files locally, in the cloud and on the network. With Office 365 and other cloud apps, ransomware can easily propagate through sharing. Collaboration tools such as OneDrive for Business and SharePoint Online can inadvertently spread ransomware across multiple users, systems and shared documents. The impact can be full access to your organization's critical data.
  3. Encrypt and ransom: Ransomware, unlike other types of malware, will encrypt your files and/or lock down your system. Infected devices will receive a message that their data is being held for ransom. Hackers usually demand payment in cryptocurrency to unlock the systems and restore data. There is no guarantee that the hacker has not damaged your data, or that they will even return it once the ransom is paid.

Step Two: Prevent an Attack

How do you successfully prevent ransomware from breaching your organization? There's no single solution to protect you, but taking a layered approach is a great place to start. The National Institute of Standards and Technology (NIST) Cybersecurity Framework outlines crucial pillars which require evaluation when moving your critical business data to a SaaS application – Identity Management (Protect), Data Loss Prevention (Detect) and Backup and Recovery (Recover). End-user training is also essential to preventing an attack, as end users are often the “malware gateway” into your organization.

Step Three: Secure Your Data (Just In Case)

There's no way of knowing what might happen, so it's vital to have healthy processes in place to protect critical business data before something malicious occurs. By implementing a trusted backup and recovery solution proactively, you are protecting your data and your organization's productivity from cyber-attacks. In the event that you do suffer an attack, your organization must be able to get back up and running quickly. Most backup solutions available for SaaS applications can restore your critical business data to the last 'clean' version before the attack occurred. This restore capability also minimizes the hefty cost of employee downtime and eliminates the need to pay the ransom.
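The "land and expand" stage and the restore to the last clean version can be tied together from the audit trail. The following is an added example, not code from the article or from any backup product: it flags an account that changes many distinct OneDrive/SharePoint files in a short window and derives the point in time to restore to. The event records are constructed, and the window, threshold and safety margin are assumed values to tune per tenant.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Operations that overwrite, rename or remove a stored file.
WRITE_OPS = {"FileModified", "FileRenamed", "FileDeleted"}

def _ev(ts, user, op, path):
    # Field names follow the Office 365 audit log; the values are constructed.
    return {"CreationTime": ts, "UserId": user, "Operation": op, "ObjectId": path}

SAMPLE = [
    _ev("2018-05-02T09:14:00", "alice@contoso.example", "FileModified", "/sites/fin/q1.xlsx"),
    _ev("2018-05-02T11:02:10", "bob@contoso.example", "FileModified", "/sites/fin/plan.docx"),
] + [
    _ev(f"2018-05-02T13:30:{i:02d}", "bob@contoso.example", "FileModified", f"/sites/fin/doc{i}.docx")
    for i in range(40)
]

def find_bursts(events, window=timedelta(minutes=5), threshold=25):
    """Map each user who changed >= threshold distinct files within `window` to the burst start."""
    by_user = defaultdict(list)
    for e in events:
        if e["Operation"] in WRITE_OPS:
            by_user[e["UserId"]].append((datetime.fromisoformat(e["CreationTime"]), e["ObjectId"]))
    bursts = {}
    for user, rows in by_user.items():
        rows.sort()
        lo = 0
        for hi in range(len(rows)):
            while rows[hi][0] - rows[lo][0] > window:
                lo += 1  # slide the window forward
            if len({path for _, path in rows[lo:hi + 1]}) >= threshold:
                bursts[user] = rows[lo][0]
                break
    return bursts

def restore_cutoff(bursts, margin=timedelta(minutes=10)):
    """Restore to versions saved before the earliest burst, less a safety margin (assumed)."""
    return min(bursts.values()) - margin if bursts else None

if __name__ == "__main__":
    hits = find_bursts(SAMPLE)
    print(hits, restore_cutoff(hits))
```

A single user's normal edits earlier in the day do not trip the threshold; only the dense run of changes does, and its start time bounds which backup versions count as clean.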

The evolution of ransomware and the major shift organizations are making from on-prem to the cloud is creating new risks for Office 365 users. It is inevitable that these threats exist and it's impossible to know if, or when, you will be targeted. The best way to ensure your critical data is protected is to get ahead of the problem and to take a holistic approach. Learn about what you are up against, prevent an attack to the best of your ability and secure your data by backing it up so that you will be prepared if your “worst case scenario” occurs.  

Brian Rutledge

MBA/CISSP with 20 years experience as a managing supervisor, technical lead and currently security engineering audit/consulting. Experience in various aspects of the SaaS cloud, consulting, and telecommunications industries including: IT architecture
