It is a known fact that cyberattacks on worldwide infrastructures increased dramatically during the pandemic. Email Phishing incidents also rose approximately 200% during the height of the global pandemic compared to the yearly average.
When it comes to Microsoft 365 (M365), there are some startling statistics that clearly demonstrate why M365 email security and protection is important.
⦁ 85% of organizations using Microsoft 365 have had an email data breach in the last 12 months.
⦁ Organizations using Microsoft 365 have seen a 67% increase in data leaks via email since March 2020 – compared to just 32% of the businesses who don’t use it
⦁ With 60% of data breaches attributed to poor patch management, there were 1,220 new CVEs across Microsoft products in 2020 in the common vulnerability and exposures (CVEs) database.
“Despite the growth in more targeted attacks through other vectors, email is still the most common channel for opportunistic and targeted attacks, as well as a significant source of data loss.” – Gartner 2020 Market Guide for Email Security
Is email security necessary for your clients?
Cybercriminals use email as a primary attack vector to steal data, make money, and/or harm the attacked environment. They do this by stealing sensitive and/or personal information through various social engineering techniques, or malicious links and attachments.
Any organization that manages and stores sensitive information or personally identifiable information (PII) must take even stricter measures to protect and secure this information. If sensitive data ends up in the hands of unauthorized parties, it can lead to severe financial and reputational damage and litigations if non-compliant with regulatory requirements.
Loss of your intellectual property (IP) – Many of your clients manage and store extremely sensitive business data that differentiates their company, products, and services. These include financial, customer, R&D information, brand and trade secrets, patents, formulas, recipes, designs, software code, search algorithms, etc.
Non-compliance with regulatory requirements – Many of your clients maintain a wealth of information about their customers and prospects, whether it be PII, PCI (card information), or Protected Health Information (PHI). In these cases, your clients are also subject to regulatory requirements – such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA).
Brand damage – A data leak can require a business to compensate affected customers and/or in the worst case, customers may choose NOT to do business with you, which can impact your brand reputation and ultimately your future revenues.