Productivity software is one of the best ways to boost the performance of business applications and the people who use them. But it is also turning into a vulnerability for the enterprise as hackers find new ways to worm their way into sensitive data infrastructure.
One of the latest attempts was made against Office 365 users, some of whom, luckily, had also deployed detection software by Avanan. The PhishPoint attack was made through a familiar route: email. Unsuspecting knowledge workers received an email with a link to a SharePoint document that appeared to contain a standard request to a OneDrive file. Instead, it was a link to a malicious site that harvested user names, passwords and other information.
It seems that these kinds of attacks are becoming more common. Microsoft said it recently thwarted an attempted Russian cyberattack on U.S. political organizations that tried to steer users toward false Office 365, SharePoint and OneDrive sites. Microsoft’s Digital Crimes Unit has linked the attack to the shadowy Advanced Persistent Threat 28 organization, which is suspected of having ties to the Russian military’s Main Intelligence Directorate. The company says it has shut down more than 80 sites used by the organization and is offering users free access to its AccountGuard service backed by its own Threat Intelligence Center for continuous monitoring and alert services.
Of course, prevention is always better than corrective action when it comes to cybersecurity. Commvault’s Randy De Meno says one of the best ways to ensure the integrity of productivity suites is proper data management. While it is crucial for users to be able to search and communicate across on-premises and cloud infrastructure, this capability should not come at the expense of data integrity. As well, data protection and recovery strategies should reflect the growing use of third-party resources and infrastructure, since providers may or may not have the ability or the desire to provide complete protection of the data in their charge.
Unfortunately, it appears that security challenges will only increase as the enterprise builds greater reliance on productivity tools. Already, many workers are leaving the office and choosing to engage enterprise systems through mobile devices. More than likely, this will expose data to any number of downloadable apps designed to share files, connect with coworkers, and perform a wide range of other functions. This puts the onus on the enterprise to not only secure its data but to manage connectivity to ensure passwords and other means of authentication are not being shared over unsecured Wi-Fi and cellular services.
Increasing productivity is like stepping on the accelerator of a car. Yes, we all want to get to where we are going faster, but not at the risk of causing an accident. The enterprise is under tremendous pressure these days to do more in less time and with lower resource consumption, but careless deployment of productivity suites could very well lead to vulnerabilities that could jeopardize the business model.
As in all things related to IT infrastructure, the enterprise would do well to manage the risks of productivity while maximizing the rewards.
Arthur Cole writes about infrastructure for IT Business Edge. Cole has been covering the high-tech media and computing industries for more than 20 years, having served as editor of TV Technology, Video Technology News, Internet News and Multimedia Weekly. His contributions have appeared in Communications Today and Enterprise Networking Planet and as web content for numerous high-tech clients like TwinStrata and Carpathia. Follow Art on Twitter @acole602.