You may not realize it, but there is a lot of money that can be made from selling your online identity to those who are up to no good. This makes it a great opportunity for hackers to make enough money to pay their electricity bills. This year alone, 5 million Gmail passwords were stolen, 7 million from Dropbox and 2 million from Facebook, and we can only guess how many other thefts went undetected.
Microsoft’s Office 356 poses as another opportunity for malicious attacks but the software giant isn’t just sitting around waiting for an invasion, they are in a way fighting fire with fire to enhance system security and protect customer privacy.
In a recent post on the Office Blog, Microsoft detailed the way the company prepares from emerging security threats to Office 365. The company does so with what it calls the “Assume Breach” approach involving two teams of its own hackers from a range of different background. The red team attempts all sorts of unorthodox methods to gain unauthorized access to Office 365 while the blue teams takes all the means necessary to counter attack and lock the red team out.
“As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data.”
Microsoft has of course set a few rules of engagement to ensure that no customer data is targeted and that the service remains active and operable to the public, in addition to ensuring that the existing security systems in place and not severely compromised and leaving the door open for the worlds hackers.
Both teams then work with the company’s engineering division to patch exploits to reinforce Office 365’s security systems, so customers can rest assured that their data is safe. And in the event that a malicious attempt does occur, Microsoft will be quick to respond.