Why every organisation should backup Microsoft 365 data

The Australian Cyber Security Centre recently identified ransomware as the most destructive cybercrime threat facing Australia, noting all sectors of the economy had been directly impacted by ransomware in the year leading up to June 2022.

The Australian Parliament recently reported that ransomware incidents cost the Australian economy as much as $2.59 billion annually. According to payment verification company Eftsure, 33% of Australian companies that fell victim to a ransomware attack in 2021 paid the ransom, and the average payment was $1.25 million.

While the immediate costs of a ransomware attack are staggering, the time and money needed to rebuild systems following an incident are significant as well. The legacy of such an attack can also pose many additional challenges, including a loss of reputation among key customers and penalties or fines.

Users of Microsoft 365 applications including Outlook, Sharepoint, OneDrive and more are particularly attractive targets for ransomware, and attackers have multiple ways in which they can penetrate networks, gain access to data in Microsoft 365 and demand a ransom.

Approximately 54% of all ransomware attacks are initiated via email, and phishing emails where the attacker tries to get the victim’s log-in credentials are a favourite attack vector. With more than 354 million licensed Outlook users worldwide, this presents an extremely large attack surface for adversaries. For context, there were 71,299 phishing scams reported in Australia in 2021, up 62% from the previous year.

Vulnerabilities are constantly being unearthed in Microsoft 365 applications, which can give hackers access to vital information. For example, researchers recently found a loophole that could enable attackers to encrypt files stored in SharePoint or OneDrive.

Third-party Microsoft 365 backup is essential

In the event an organisation does agree to pay a ransom, there’s no guarantee the data will be returned. The best way to reduce these risks is with a secure backup, which enables encrypted Microsoft 365 data to be restored without paying a ransom. These backups must be comprehensive, taken regularly and tested frequently to ensure they give the level of protection required. They can also provide protection against other forms of cyber attack, and against accidental deletion or other causes of data loss.

Many IT managers — some 67% in fact — are labouring under the false belief that Microsoft will back up their data for them. This is not the case. Microsoft states explicitly that it is not liable for any disruption or data loss in the event of an outage or malicious activity. While Microsoft 365 does have a series of data retention policies, the maximum default retention policy is just 90 days, and this is simply not a failsafe option.

The only reliable way to protect your data and your organisation from ransomware is to have a third-party backup system that is independent of Microsoft 365.

It will enable you to re-install a clean version of your data and continue normal operations without paying the ransom. A good backup strategy can also help with licence management and regulatory compliance. While backup procedures are nothing new (and have been a necessary function of IT long before ransomware entered the ring) they have become absolutely critical now that ransomware is increasingly sophisticated and prevalent.

One line of defence is not enough

Aside from having a secure backup, all organisations should have email protection software in place to prevent phishing emails from even landing in staff inboxes in the first place. Good email protection will block spam and malware, include account takeover protection, and include incident response capabilities as well.

But having a reliable backup and email protection is no reason to ignore your first line of defence: your staff. Employees must be regularly trained to identify potential phishing emails and tested with mock phishing emails. They must also be trained on how to report any suspicious emails and trained to implement good password hygiene. If staff haven’t been educated on how to identify suspicious emails and what the latest attacks involve, how are they expected to recognise this when it counts?

Unfortunately, passwords, even robust ones, are becoming increasingly susceptible to being stolen as well. Additional measures such as two-factor authentication and zero trust security — where all users and devices attempting to access an organisation’s resources are authenticated and authorised before being granted access — are increasingly necessary.

None of these measures above remove the need for a reliable third-party backup solution: one that features full-scale encryption, multifactor authentication, role-based access control, immutable data and delayed purging. If all other security measures fail, such a solution will enable you to recover your data and restore full operation without having to pay a ransom.

The takeaway

Your backup is your best chance to recover after a ransomware attack, so it’s crucial to have a good copy of all your important data — including SaaS data in Microsoft 365.

Image credit: iStock.com/D3Damon