How Microsoft 365 Backups Store Risks for Future Attacks
As businesses continue to migrate their operations to the cloud, maintaining and managing the security of these environments has become mission-critical. Microsoft 365 is a widely adopted suite of productivity tools, but relying solely on its built-in security features may leave organizations vulnerable to significant risks.
The Acronis Threat Research Unit recently conducted a quantitative study to explore the core security landscape of Microsoft 365, and the findings are both alarming and instructive.
The Research Project
The Acronis Threat Research Unit assessed the security of Microsoft 365 email and application backup data. The study focused on Microsoft 365 seats that were configured to rely solely on the security settings provided by Microsoft, without the use of any additional third-party security solutions, including those offered by Acronis.
To ensure a broad and representative sample, the research team randomly selected data sets from more than 300,000 M365 seats from a pool of 1.2 million.
The Findings
The results of the study were both revealing and concerning. The Acronis Threat Research Unit detected a staggering number of malicious and suspicious elements within the backup data:
- More than 2 million malicious or suspicious URLs: These URLs could lead to phishing sites, malware downloads, or other cyber threats.
- More than 5,000 instances of actual malware: This includes a variety of malicious software designed to compromise systems, steal data, or disrupt operations.
The high number of risks identified indicates that the basic security measures included with M365 are insufficient to protect against the current threat landscape.
The Shared Responsibility Model
Microsoft operates on a “shared responsibility” model when it comes to M365 security and data protection. This model means that while Microsoft is responsible for the security of the cloud infrastructure, the security of the data and applications within that infrastructure is the responsibility of the organization using the service.
This division of responsibility is crucial to understand, as it highlights the need for organizations to take proactive steps to secure their data.
The statistical data analysis conducted by the Acronis Threat Research Unit clearly demonstrates that the basic security protocols included in M365 are not sufficient to mitigate the level of threats present in today’s digital environment. Relying solely on these basic security measures can allow risks to not only evade detection but also to persist in backups, creating a long-term threat to cloud systems and endpoint devices.
The Risks of Inadequate Security
The persistence of threats in backups is a particularly concerning issue. When malware or malicious URLs are not detected and removed, they can be restored along with legitimate data, re-infecting systems and causing further damage.
This persistence can lead to a cycle of recurring security incidents, undermining the integrity and reliability of the organization’s data and systems.
Recommendations for MSPs and IT Teams
To ensure business resilience and continuity, the Acronis Threat Research Unit strongly recommends that Managed Service Providers (MSPs) and IT teams within organizations adopt a full spectrum of security and data protection solutions. This includes:
- Comprehensive Backup Solutions — Using robust backup solutions that include advanced security features can help ensure that backups are free from malware and other risks for both email and collaboration apps. This is crucial for maintaining the integrity of data and systems in the event of a security incident.
- Advanced Email Security — Implementing advanced email security solutions can help detect and block malicious emails, phishing attempts, and other email-based threats before they reach users’ inboxes.
- Collaboration App Security — Ensuring that collaboration apps, such as Teams and SharePoint, are protected against malware and other threats is essential. Advanced security protocols can help identify and mitigate risks in real-time.
- Regular Security Audits — Conducting regular security audits and vulnerability assessments can help identify and address potential weaknesses in the organization’s security posture.
- Security Awareness Training — Educating employees about the latest security threats and best practices can significantly reduce the risk of successful attacks. Regular training sessions and phishing simulations can help employees recognize and respond to threats effectively.
Conclusion
The findings of the Acronis Threat Research Unit underscore the importance of a multi-layered approach to cybersecurity. While Microsoft 365 provides a solid foundation, it is not a comprehensive solution on its own. By leveraging advanced security and data protection solutions, organizations can significantly enhance their defenses and protect against the evolving threats that lurk below the surface.
The Acronis Threat Research Unit remains committed to ongoing research and innovation to help organizations stay one step ahead of cyber threats and ensure the security and resilience of their digital environments.
For more information about Acronis 7-in-One comprehensive solutions for M365, access our dedicated resources page.
For more information on the Acronis Threat Research Unit or to follow the latest alerts and updates, access the research blog here.
Sponsored and written by Acronis.