On September 25th I was invited to share my Top 5 lessons learned in defending Microsoft 365 at an event of the Netherlands chapter of ISACA. In Eindhoven a group of some 50 CISOs and other information security professionals learned what my personal eye-openers have been in the past 4 years while building Attic Security.
To set the stage, I started by asking whether the audience felt defending Microsoft 365 should be a priority to them at all. Was quite telling to have some of them answer they feel they should not be bothered as Microsoft should take care of it themselves.
So I used reports by ENISA and CISA to show they actually have an interest to understand what threats actually are related to a service like M365, as those threats seem to be the initial access vector for attackers in 88% of security breaches.
The 5 lessons I shared where:
- AiTM & Token Replay
- Privilege Management
- Public Sites & Teams
- Free SIEM
- Premium Anti-Phishing
I decided to record a desk version of the presentation as this is probably useful content for a broader audience. So here you go. https://www.youtube.com/watch?v=wYIcShuwUaA