Even the Pros Underestimate Microsoft 365’s Ransomware Risk

Plus, 27% of organizations don't offer end-user training on how to recognize potential ransomware attacks.
Adam Rowe

One out of every four IT professionals either isn't aware or doesn't believe that Microsoft 365 can be impacted by a ransomware attack, new research has found.

On top of that, 40% of those professionals who use the workplace software say they have no recovery plan if any data is compromised in a ransomware attack.

Ransomware attacks are a growing threat, and that's been common knowledge in the tech community for several years now, with 70% of the biggest reported cyber attacks in the last year being ransomware, and 82% of ransomware attacks aimed at small businesses specifically.

Nearly One in Five IT Pros Overall Have No Recovery Plan

The report, out from security firm Hornetsecurity, drew on a survey of more than 2,000 IT leaders. Oddly, the research even shows that the number of IT pros without a data recovery plan in the event of a ransomware attack has risen since last year, even though the possibility of an attack has grown as well.

In 2021, 16% of the survey's respondents said they had no disaster recovery plan in place, a statistic that grew to reach 19% in 2022.

“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.” -Hornetsecurity CEO Daniel Hofmann

That same stat grows to 40% when only looking at IT pros who work within Microsoft 365. But ransomware can sneak into a system in plenty of ways, and Microsoft 365 isn't the only vulnerable system around.

What Are the Biggest Threats to Business Security?

Hornetsecurity found a laundry list of ways that both successful and failed ransomware attacks have been attempted across the past 12 months.

First, six out of every ten ransomware attacks were initiated through email or phishing. Related: Hornetsecurity says that 27% of organizations “do not provide end-user training on how to recognize and flag potential ransomware attacks.”

Hackers always target the weak link in a security system, and that link is often an employee who is willing to download a file from a malicious email.

Other ransomware attack problem areas include: ‘compromised endpoints’ (16.4%), ‘poor perimeter security’ (7.7%), ‘social engineering’ (7.2%), and ‘exploits (zero-day or other)’ (6.4%).

How to Stay Safe Online

End-user training can help employees learn what red flags will help to highlight a phishing email before it's too late.

But this training should be supplemented with software designed to flag potential threats and point them out to employees; it's easy to slip into a less cautious state when you're fielding dozens of emails every day. We'd recommend a good password management tool: Many of the top choices will flag suspect website logins, making them a great layer of security for dodging a phishing attempt.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
