It is never a good cyber security story, when I read there is a security issue with SharePoint – I have written many cyber security plans that depend on the integrity of Microsoft and SharePoint.
New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)
Audit logs are a key tool that I have used in many investigations and are a key part of monitoring the information in Microsoft 365. Anything that aids a threat actor in silently extracting your information is going to be an issue.
At the moment these two flaws are only “in the lab” and have been demonstrated by researchers but where researchers go threat actors are sure to follow.
Let’s hope Microsoft reacts better to these issues than it has to these:
More pain for Microsoft and something free for you | Smart Thinking Solutions
HTML emails | Smart Thinking Solutions
Is Microsoft and New Outlook being “reasonable”? | Smart Thinking Solutions
Your takeaway
I have written Microsoft into many cyber security plans as a trusted partner, on whom the client can rely on to store and manage their information to the highest standards. In fact at this very moment, I am carrying an internal project at Octagon Technology to review and update our cyber security. This includes “trust in Microsoft”.
To give me “Defence in Depth” I back my cyber security plan up with a Security Operations Centre (SOC), which monitors for known threats and rogue users but also using AI and Machine learning detects and reports on anomalous activity – including strange data exfiltration – enabling oncall cyber security experts to respond.
We use a SOC, as do many of our cyber security clients, to monitor, report and respond to our systems 24/7 throughout the year.
Is it time you took a crucial step to improve your organisation’s cyber security?
Register for our free webinar, hosted by industry expert John O’Mahony, who is a Senior Cybersecurity Solutions Specialist with Kaseya and specialises in how corporate level cyber security tools can be leveraged for smaller organisations.
Leveraging Corporate Level Cyber Security Webinar – Register Here
I look forward to seeing you there.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
For more on the importance of knowing who is in your system and what they are doing have a look at this article: