78% of Microsoft 365 admins don’t activate MFA
On average, 50% of users at enterprises running Microsoft 365 are not managed by default security policies within the platform, according to CoreView.
Microsoft 365 administrators fail to implement basic security like MFA
The survey research shows that approximately 78% of Microsoft 365 administrators do not have multi-factor authentication (MFA) activated.
According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so many employees are working remotely.
Microsoft 365 admins given excessive control
Microsoft 365 administrators are given excessive control, leading to increased access to sensitive information. 57% of global organizations have Microsoft 365 administrators with excess permissions to access, modify, or share critical data.
In addition, 36% of Microsoft 365 administrators are global admins, meaning these administrators can essentially do whatever they want in Microsoft 365. CIS O365 security guidelines suggests limiting the number of global admins to two-four operators maximum per business.
Investing in productivity and operation apps without considering security implications
The data shows that US enterprises (on average, not collectively) utilize more than 1,100 different productivity and operations applications, which indicates a strong dedication to the growing needs of business across departments, locations, and time zones.
While increased access to productivity and operations apps helps fuel productivity, unsanctioned shadow IT apps have varying levels of security, while unsanctioned apps represent a significant security risk.
Shadow IT is ripe for attack and according to a Gartner prediction, this year, one-third of all successful attacks on enterprises will be against shadow IT resources.
Many orgs underestimate security and governance responsibilities
Many businesses underestimate the security and governance responsibilities they take on when migrating to Microsoft 365. IT leaders often assume that Microsoft 365 has built-in, fool-proof frameworks for critical IT-related decisions, such as data governance, securing business applications, and prioritizing IT investments and principles.
The research disprove this by revealing that many organizations struggle with fundamental governance and security tasks for their Microsoft 365 environment. Today’s remote and hybrid working environment requires IT leaders to be proactive in prioritizing security and data governance in Microsoft 365.