A survey conducted by Hornetsecurity shows that organizations turned on more Microsoft 365 security features over the past year as they became increasingly vulnerable to cyberattacks. The more functions they activated, the higher the number of attacks.
A global IT security and compliance survey of more than 800 IT professionals found that the more Microsoft 365 security features used, the higher the number of IT security incidents. Companies using Microsoft 365 and using one or two of the existing security features reported cyberattacks 24,4% and 28,2% of the time, respectively, while companies using six or seven features reported 55,6% and 40,8%, respectively. 3% of cases reported attacks. Overall, 10 out of 29,2 organizations (365%) using Microsoft 12 reported at least one known security incident in the last XNUMX months.
Too many tools - more attacks
The survey conducted by Hornetsecurity, a leading provider of security and backup solutions for Microsoft 365, shows that while the use of additional security features is essential, it is more advisable to use proven and easy-to-use solutions - preferably under the guidance of specialized security experts.
What do the IT security experts say?
Hornetsecurity experts believe these results are likely due to a number of factors. For companies with a high number of security functions, these were probably implemented over a longer period of time due to ongoing cyber attacks to mitigate potential security threats.
The Hornetsecurity experts also point out that the more security functions the IT teams try to implement, the more complex a security system becomes. Sometimes functions can be misconfigured, resulting in vulnerabilities. This is confirmed by the fact that 62,6% of respondents cited "not enough time or resources" as the main obstacle to implementing additional security features in their organization.
False sense of security within the company
Using more features can also contribute to a false sense of security within the organization. For example, this can result in employees becoming less vigilant about potential security threats, believing that all of these features will protect them without having to put in an extra active effort.
What are the barriers that IT professionals face when implementing security features in their organizations?
- Surprisingly, a quarter of respondents (25,7%) who employ more than 50 people and have compliance requirements have neither a dedicated compliance officer nor an IT security officer. Several factors contribute to insufficient attention being paid to IT security and compliance in medium-sized and large companies:
- About 2 in 3 of the IT professionals surveyed (62,6%) cite “lack of time or resources” as the top barrier to implementing security features in their organization. This is followed by "lack of budget" (44,6%), "qualification problems and/or lack of knowledge" (36,2%) and "lack of interest from company management" (23,1%).
- All of the above results point to a general lack of urgency about security in organizations. Only 2% of respondents said there are no barriers when it comes to security, and more than half of respondents (55,5%) said their organization does not have a process for tracking and reviewing changes – an important tool for detecting security threats.
What are the most commonly used security features in organizations?
- Of the 11 security features named in the survey, spam filtering was the most popular. It is used in the company by 84,4% of those surveyed. "Multi-factor authentication" (82,7% of respondents) follows closely behind. "Web traffic filtering", "permission management" and "IT security training for users" are used by 68,8%, 66,4% and 61,2%, respectively.
- The least common security measure was the “SIEM solution”, used by only 14,1% of the respondents. However, SIEM solutions also have the highest rate of cybersecurity incidents at 42,1%. This supports the finding that more advanced security measures are needed as companies are an attractive target for the escalating cyberattacks.
About Hornetsecurity Hornetsecurity is the leading German cloud security provider for e-mail in Europe and protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hanover provides its services via 10 redundantly secured data centers around the world. The product portfolio includes all important areas of e-mail security, from spam and virus filters to legally compliant archiving and encryption, to defense against CEO fraud and ransomware. Hornetsecurity has around 200 employees at 12 locations around the world and operates with its international dealer network in more than 30 countries.