Microsoft 365 administrators fail to implement basic security such as MFA.
The survey survey found that approximately 78% of Microsoft 365 administrators did not activate multi-factor authentication (MFA).
According to SANS, 99% of data breaches can be prevented with MFA. This is a huge security risk, especially at a time when so many employees are working remotely.
Microsoft 365 administrators were given excessive control.
Microsoft 365 administrators get excessive control, leading to better access to sensitive information. 57% of global organizations have Microsoft 365 administrators with redundant permissions to access, modify, or share critical data.
In addition, 36% of Microsoft 365 administrators are global administrators, which means that these administrators can essentially do what they want in Microsoft 365. CIS O365’s security guidelines suggest that the number of global administrators is limited to a maximum of two to four operators per company.
Invest in productivity and control apps without considering security implications.
The data shows that U.S. companies (on average, not collectively) use more than 1,100 different productivity and operational applications, indicating a strong commitment to the growing needs of businesses across departments, locations, and time zones.
While improved access to productivity and operational apps drives productivity, unapproved shadow IT apps have different levels of security, while unapproved apps pose a significant security risk.
Shadow IT is ripe for attack, and gartner’s prediction this year, a third of all successful corporate attacks will be directed against shadow IT resources.
Many organizations underestimate security and management responsibilities.
Many companies underestimate the security and governance responsibilities they take on when migrating to Microsoft 365. IT leaders often assume that Microsoft 365 has built-in, infallible frameworks for critical IT-related decisions, such as data management, securing business applications, and prioritizing IT investments and principles.
The research debunks this by revealing that many organizations are struggling with basic governance and security tasks for their Microsoft 365 environment. Today’s external and hybrid work environment requires IT leaders to be proactive in prioritizing security and data management in Microsoft 365.