Nearly all Microsoft 365 customers have suffered email data breaches

(Image credit: Pixabay)

Using Microsoft 365, the software giant’s cloud-based communications and collaboration platform, could be a security liability for many organizations, a new report from Egress seems to suggest.

The data security company’s new Outbound Email: Microsoft 365’s Security Blind Spot paper, based on a poll of 500 IT leaders and 3,000 remote-workers in the UK and US, claims businesses who use Microsoft 365 suffer more email data breaches and have to deal with more difficult consequences in the aftermath.

Were it not for the pandemic, however, things would probably have been different.

More than two-thirds (67%) of IT leaders said the increase in email data breaches happened due to home working, compared to just below a third (32%) among those whose organizations don’t use Microsoft’s cloud-based collaboration and communication platform.

Furthermore, almost all (93%) businesses who use the service reported negative impacts following an email data breach, fewer than those who don’t use it (84%).

More than one in six (15%) of those using Microsoft 365 suffered more than 500 data breaches last year, compared to just 4% among those that don’t.

At the end of the day, the problem doesn’t seem to be in the platform itself, but in the way people use ut. More than a quarter of IT leaders (26%) said a severe data loss incident came from an employee sharing data via email by mistake. Yet again, the figure drops among businesses that don’t use Microsoft 365 - 14%.

The worst part is that IT leaders aren’t overly optimistic about the future, not believing things would change for the better, any time soon. More than three-quarters (76%) believe remote and hybrid working will make it harder to prevent email data loss from Microsoft 365 in the future.

Among those not using the service, just 40% share the same outlook.

“Microsoft 365 has seen phenomenal adoption during the Covid-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see,” commented Egress’ Chief Technology Officer Darren Cooper.

“We can’t ignore the risk of email data loss from Microsoft 365 and the shortcomings of static DLP solutions to mitigate the outbound email security risks that organizations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organizations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behavior and the context in which they’re sharing data to prevent data loss before it happens,” Cooper concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.