On March 3, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive regarding vulnerabilities in on-premises Microsoft Exchange servers. A group from China, called HAFNIUM, has been actively exploiting these vulnerabilities to access Exchange servers and steal sensitive data. The CISA directive instructed administrators to patch these vulnerabilities immediately.
While the vulnerabilities affected multiple versions of Microsoft Exchange, from 2013 to 2019, there is no indication that Microsoft Exchange Online servers were impacted. Exchange Online is the service utilized by Office 365 for email. While Microsoft have often promoted the productivity benefits of moving email services to the cloud with Office 365, this week’s CISA alert is a reminder that security should also be a factor when considering your company’s IT needs.
Simply put, Office 365 is more secure than on-premises Exchange. Microsoft Cloud engineers are constantly at work improving the service and keeping it secure. On the other hand, on-prem Exchange is usually patched on a schedule – and these patches are usually a response to a vulnerability or flaw that someone has discovered, which can lead to situations like this week’s discovery. According to CISA, this vulnerability may have been exploited since September 2020, giving the attackers months to work undetected.
Office 365 also offers easy-to-use Multi-Factor Authentication, a crucial technology for keeping employee email accounts secure. Advanced threat reporting, beyond that available in on-prem Exchange, also helps keep businesses protected. Finally, the redundancy of cloud servers ensures constant uptime, while on-prem deployments are vulnerable to hardware failures, power and internet outages, natural disasters, physical sabotage, and theft.
Here at Layered Systems, we highly recommend migrating from on-premises Exchange to Office 365. We’ve helped many businesses through this transition successfully. If you’d like to learn more about the benefits of moving your company’s email to the cloud with Office 365, Contact Us today.