While the Covid-19 crisis is “moving the world toward increased technological innovation and online collaboration,” according to the U.N, “cybercrime is also on the rise with a 600% increase in malicious emails.” In a recent Statista survey of global online fraud examiners, 60% predicted a significant increase in cybercrime. Now, more than ever before, companies need to test their IT security.
A penetration test (pentest) is an authorized hack of your IT systems, designed to mimic a cyberattack in a controlled environment. It is usually conducted once a year to evaluate the security of your IT infrastructure, identify vulnerabilities in your systems and find solutions to resolve identified risks. Often, companies rely on an annual pentest as their sole method of assessing the integrity of their IT infrastructure.
The problem with a pentest is that you’re only getting a snapshot of the gaps in your perimeter security and not a complete evaluation of your security architecture. Pentests look for known and unknown vulnerabilities in your IT systems and assess if they could cause potential harm to your IT infrastructure. They don’t always point out security gaps that arise from misconfigurations or lack of configuration.
Some of the security issues that a pentest will not uncover include:
- Improperly configured Office 365 authentication rules
- Lack of alerting on your sign-in logs and permissions settings
- Already compromised user and rogue forwarding rules
- Misaligned attachment scanning protocols and spam filters
- Improperly set up MFA (Multi-Factor Authentication)
- Unsecure PIM (Privilege Identity Management) and self-service password settings
- Incorrect Active Synch, POP3, and IMAP settings
- Disabled anti-spam and anti-phishing policies in EOP (Exchange Online Protection) or exception rules that may introduce new vulnerabilities
- Misconfigured DKIM (Domain Key Identified Mail) protocols
- Unmonitored credential phishing activities
- Improperly set up conditional access protocols
- Unsecure email forwarding protocols, including automatically forwarding incoming emails using keywords, and email forwarding rules set to permit the forwarding of personal emails
This is not an exhaustive list, and it is far from a complete IT systems evaluation. At CrucialLogics, we can help you improve your IT security infrastructure and extend the functionality of your annual pentest with a comprehensive Office 365 assessment, including:
- Office 365 Configuration Assessment
CrucialLogics can evaluate the efficiency of your security controls used in the configuration and deployment of your Azure and Office 365 configurations, authenticate the default settings and identify improvement opportunities. We can also assess how your overall IT infrastructure and user bases align with your IT security architecture and best practices.
- Office 365 Security Design and Compliance Assessment
We can assess your security architecture and design with your Office 365 and Azure platforms to identify opportunities for improvement. Advanced system configurations, company processes, and user accountability will be addressed following best practices to meet company policy and regulatory compliance requirements, including NIST 800-53, ISO 27001, GDPR, and HIPPA. Read more about managing your compliance in our recent blog here.
- Cloud Security Assessment
CrucialLogics can collaborate with you to assess your cloud security protocols, including identity protection, data integrity, access control, threat management, and governance. Based on the assessment results, we will design a cloud security solution that can be integrated across diverse cloud technologies and platforms, including AWS, Azure, and Google.
- Office 365 Remediation
Using Microsoft Defender for Office 365, we can identify suspicious or malicious files on a user’s endpoint device, including credential phishing viruses, and take remedial action. Our team of experts will then combine the results of all the assessments undertaken to compile a detailed report and work with you to develop an appropriate remediation plan.
If you are looking for a complete IT security evaluation, including a comprehensive overview of your current Office 365 security environment and insight into your IT protocols and tools, we can help. We also perform security updates on OneDrive, SharePoint, Exchange, and Azure Active Directory platforms.
Companies like yours turn to us to improve their security posture in line with best practices. Let us conduct a comprehensive Office 365 assessment. We will give you a complete picture of the status of your IT infrastructure security and a safety measures roadmap for the future. Reach out to our team today.