My previous blog asked if Microsoft 365 (M365) can be impacted or attacked by ransomware. The short answer is YES, it can. Many organizations, big and small, have adopted M365 services since the start of the pandemic to better support remote work. But as remote and hybrid work has flourished, so have cyber criminals as they see an opportunity to attack more remote devices and user accounts that access cloud and Software as a Service (SaaS) services like M365. In fact, as M365 usage has increased substantially in the past few years, ransomware alone has grown even more—by over 10x from July 2020 to June 2021*.
There is still a big misconception that once you move to the cloud or SaaS, the provider will take care of everything for you. But if you read your provider’s “Shared Responsibility Model” or the legal terms for your subscription like the EULA (End-User License Agreement, Section 6b), you’ll find nothing is further from the truth. In short, your data and its security, including backups and protecting it from ransomware, are your responsibility.
You may point to the versioning or data retention capabilities available in various M365 services as a rebuttal. Yes, these features pull back older versions of files or make data recoverable for an extended period. However, they do not constitute a complete backup strategy, and they do not address point-in-time considerations when a ransomware attack occurs and there is a need to recover data at scale.
You might be thinking that you primarily have user data on M365 and not any mission- or business-critical systems or data there, in which case it might be a tolerable or acceptable risk to lose some of that data if it is subject to attack. I would suggest giving that more thought. First, if you haven’t classified or masked any of your data, there is bound to be sensitive or confidential information within the vast trove of user data. Second and more importantly, the most common entry point for malware, including ransomware, is email (MS Exchange Online). Once it gets in, it finds ways to compromise user credentials and gain broader access to your internal network and business- and mission-critical systems and data. That’s when things can go from bad to worse.
There are some key steps and considerations that will help you better protect your M365 data and recover from a ransomware attack. The first and most important step is to use a third-party backup service such as Cohesity DataProtect delivered as a Service to safeguard your data off the Microsoft cloud and provide:
Learn more about the impact of ransomware on M365 and your broader IT environment and get critical considerations for protecting your data and recovering from an attack. Download our guide.
*FortiGuard Labs. “Global Threat Landscape Report,” August 2021.