Security Experts:

Security Concerns Hamper Migration to Office 365: Report

An increasing number of organizations have started using Microsoft’s Office 365 platform, but many haven’t migrated due to security concerns, according to a report published on Thursday by Barracuda Networks.

The study is based on a survey of more than 1,100 organizations of all sizes from North America, Europe, Africa and the Middle East. Nearly two-thirds of respondents said they are using Office 365 and 49% of the remaining organizations plan on migrating. While the number of organizations that started using Office 365 has increased, the adoption rate has declined compared to 2015-2016, when the number of subscriptions doubled.

Nearly 44% of organizations that haven’t moved to Office 365 decided against migrating due to security concerns. Of the companies that plan on migrating, more than 73% said they were concerned about advanced threats in their future Office 365 environment. Nearly 70% of those that have already started using Office 365 are also concerned about sophisticated threats.

More than 86% of respondents are concerned about phishing, impersonation and social engineering attacks, while 92% are concerned about ransomware.

“The very high rates of concern about security—including worries about latent threats, advanced malware, phishing and spear phishing, and especially ransomware—may be the single most important contributing factor to the overall decline in the rate of adoption that the survey revealed,” Barracuda said in its report.

How well are these organizations prepared to handle potential attacks? Only one-third of respondents said they have a third-party security solution designed to protect them against phishing and other social engineering attacks, and 69% said they provide training for their employees.

Despite the fact that email has been one of the main ransomware delivery vectors, more than half of respondents don’t use DMARC or DKIM/SPF, protocols designed to detect and prevent email spoofing.

Microsoft offers its own security service for Office 365, Advanced Threat Protection (ATP), but only 15% of respondents said they use it. On the other hand, many are either using or are planning on using third-party solutions for Office 365 security, archiving and backup.

Office 365 security

“Overall, respondents reported significant doubts about the effectiveness of native security and other features of Office 365. In particular, they had concerns about these features’ ability to protect them effectively against ransomware, phishing, and spear-phishing or social-engineering attacks,” Barracuda said.

In the past months, there have been several reports of serious vulnerabilities affecting Office 365 and even sophisticated attacks targeting users of the platform.

Related: Microsoft Unveils New Security and Risk Capabilities in Office 365

Related: Office 365 Users Need Better Care of Sensitive Data

Related: Office 365 Flaw Made Fake Microsoft Emails Look Legitimate

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.