"90% Of Organizations Have Microsoft 365 Security Gaps"

A recent study of 1.6 million Microsoft 365 users across three continents discovered that 90 percent of organizations lacked essential security protections. Microsoft 365 administration was found to be difficult. CoreView experts examined the most common issues to determine what companies are doing well and to identify gaps in Information Technology (IT) management strategies. According to the study's findings, many common security procedures are not followed 100 percent of the time, so most organizations' security defenses are weakened as a result. While most businesses have strong documented security policies, the research found that many are not consistently implemented due to reporting challenges and limited IT resources. Ninety percent of businesses had gaps in all four key areas studied: multi-factor authentication (MFA), email security, password policies, and failed logins. Due to their higher access levels, 87 percent of businesses have MFA disabled for some or all of their administrators, which are the most critical accounts to protect. Only 17 percent of businesses had strong password policies that were consistently followed. Almost every organization leaves the door open for cybersecurity threats due to weak credentials, particularly for administrator accounts. In addition to security issues, the study identified key areas for improvement in Microsoft 365 license management. On average, 21.6 percent of licenses were unassigned or "sitting on the shelf." Another 10.2 percent of licenses were inactive, for a total of 31.9 percent of licenses that were not in use. More than 10,000 licenses were unassigned or inactive in 17 percent of companies. This article continues to discuss key CoreView experts' findings from the evaluation of 1.6 million Microsoft 365 users. 

Help Net Security reports "90% Of Organizations Have Microsoft 365 Security Gaps"