search
Where Thought Leaders go for Growth
Reference a solution

7 reasons to protect your Office 365 email from cyber attacks

7 reasons to protect your Office 365 email from cyber attacks

By Sébastien Gest

Published: 12 May 2025

Businesses aren't the only ones adopting Office 365. Hackers are also taking a close interest. In particular, with increasingly sophisticated phishing techniques.

I'm a frequent and growing computer attack, targeting email in an increasingly sophisticated way: who am I? Some of you will already have recognised phishing. A type of attack increasingly favoured by hackers. Phishing often takes the form of an innocuous email (a government department or bank asks you to confirm your details) that appears to open an official page. Of course, this is not the case: the only purpose of the page in question is to retrieve login details so that the hacker can access resources.

While all email systems are being targeted, those hosted in the cloud and intended for businesses, such as Office 365, are favoured by hackers. And with good reason: every Office 365 user represents a potential point of entry to precious corporate resources. So there's an urgent need to secure these professional messaging systems. Here are 7 reasons to hurry:

1. the majority of attacks begin with the sending of an email

According to IDC, 80% of attacks start with email, while phishing remains the most common type of attack, but... not the most familiar to employees.

In fact, while users are relatively aware of spam (no one can escape it) or malware (everyone has experienced or heard a bad story on the subject), phishing is less anticipated. This perception can be explained by the fact that a "good" phishing email is painless at first, and the damage only appears later...

2. Every employee is a target

With phishing, every employee who can access company resources is a target. On the scale of a large company, there are thousands of potential targets that need to be protected, given that each one receives hundreds, if not thousands, of malicious emails every year.

76% of businesses say they were the victim of phishing attacks in 2017, and for 48% of them this type of attack is on the rise.

rapport State of the Phish 2018.

3. Attacks become more sophisticated

Phishing is becoming more sophisticated and is becoming " spear phishing". Explanations: phishing usually refers to mass attacks. These attacks rely on the fact that 20% to 30% of users will open malicious emails if they pass the filters. The spear phishing attack is much more personalised: it is based on an analysis of the social environment of the targeted employee in order to send them a contextual email, ideally referring to people they know.

These attacks are sequenced and progressive - the first email generally does not ask for any information. Also known as "president fraud", spear phishing can compromise highly sensitive resources (administrative or bank accounts, etc.). In short, phishing is like fishing with a net, whereas spear phishing is more like fishing with a harpoon.

4. the cost of attacks is underestimated

How much does a phishing attack cost? As is often the case with cyber attacks, companies are not chasing after publicity on these subjects. However, it is relatively easy to list the various sources of costs:

  • IT costs: for example to restore compromised systems.
  • Legal costs: particularly if customers' personal data is involved in an information leak.
  • Support costs : this involves managing the workload of telephone calls from affected users.
  • Business disruption costs: the attack may force services to be suspended while they are re-secured.

Finally, let's not forget the even greater damage to the company's e-reputation, which will probably have to be invested in to re-establish the trust that is essential to its business...

5. conventional anti-spam solutions are out of the game

Traditional security solutions are based on identifying known threats. To this end, they use signature databases (to intercept malware) and e-reputation repositories to assess the trust that can be placed in a sender (to filter spam). The limitation of these processes is obvious: they are incapable of recognising a threat the first time it arises.

6. Microsoft is a prime target

According to IDC, in the first half of 2018, Microsoft's email applications accounted for 54% of the global email application market and 47.6% of cloud deployments. In its latest reports, the publisher claims 155 million active users on Office 365.

Unsurprisingly, with such popularity, Microsoft and its solutions are prime targets for hackers. As a result, the latest edition of the "Phishers' Favorite" ranking names Microsoft as the number one company exposed to phishing attacks.

7. the use of complementary security solutions and AI is essential

With Exchange Online Protection (EOP) and Advanced Threat Protection, Microsoft offers several solutions to protect Office 365 from common threats. Effective against known threats, these solutions are much less effective against new attacks that are both more targeted and more sophisticated. From IDC to Gartner, analysts are strongly recommending the use of third-party tools to add extra layers of security to Office 365.

Against this backdrop, Vade Secure has chosen to invest heavily in artificial intelligence. The aim is to harness the power of self-learning machine learning algorithms to identify unclassified threats as such - and in real time. The aim is not to replace existing solutions, but to complement them so as to be able to deal with as yet unknown threats. Attacks that are sure to hit the headlines in the coming months.

Article translated from French