IT pros suffer from serious misconceptions about Microsoft 365 security

Conceptual art of a computer system being hacked.
(Image credit: Getty Images)

A quarter of IT professionals either don’t know or don’t think Microsoft 365 data can be impacted by a ransomware attack, research from Hornetsecurity has claimed.

In addition, 40% of IT professionals that use Microsoft 365 in their organization admitted they do not have a recovery plan in case their Microsoft 365 data is compromised by a ransomware attack.

Though many of the less advanced ransomware variants can only encrypt targets such as Windows file libraries, many variants can encrypt data that is stored inside SaaS (Software-as-a-Service) applications like Microsoft 365.

Ransomware knowledge gap

The firm’s research, which surveyed over 2,000 IT leaders, also revealed several other findings related to ransomware.

In 2022, 24% of those surveyed said they have been victims of a ransomware attack, an increase from 21% in the previous year. In 2021, 16% of Hornetsecurity's respondents reported having no disaster recovery plan in place, howevever in 2022 this grew to 19%, despite the rise in attacks.

The survey also showed that more than one in five businesses (21%) that were attacked either paid up or lost data, and that 7% of IT professionals whose organization was attacked paid the ransom, while 14% admitted that they lost data to an attack.

If you're interested in learning more about the type of ransomware protection that Microsoft 365 provdies as standard, the company's guide can be found here.

“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Daniel Hofmann, CEO at Hornetsecurity.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.