EP27: The Story of Backup and Recovery in Microsoft 365

Paul Schnackenburg is back for another episode with Andy, this time to discuss the story of backup and recovery inside Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft’s contradictory “no backup needed” guidance. To add to the confusion, Microsoft has introduced its own M365 backup product.

During the episode, we’ll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don’t miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365!

Episode Resources:

Free eBook – Microsoft 365: The Essential Companion Guide

365 Total Backup – Request a Trial

VM Backup – Free Trial

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP26: Questionable Methods for Protecting Backups from Ransomware

In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware, such as air gapping, removable media and application whitelisting. But here’s the twist: we’re approaching these protective measures from the mindset of a relentless threat actor, someone who’s determined to breach your defenses and make your backups their own.

Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more!

Episode Resources:

The Backup Bible by Eric Siron

EP22: Can You Trust Microsoft with Security?

Immutable Protection Against Ransomware

Andy on LinkedIn, Twitter, Mastodon

Eric on Twitter

EP25: Key Takeaways from our Ransomware Survey

In today’s digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Ransomware’s ever-evolving nature makes it a top threat. To uncover the full extent of that threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks.

In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business.   

Timestamps:

(3:20) – How important is ransomware protection in terms of IT priorities?

(4:41) – How many organizations do NOT have a DR plan in place? 

(9:28) – How many organizations protect their backups from ransomware? 

(12:10) – What types of tools are organizations using to combat ransomware? 

(15:45) – How many organizations have been victims of ransomware? 

(18:12) – How many ransomware victims managed to recover from backup?

(20:50) – What are the most common vectors of attack for ransomware? 

(24:00) – How many people see real value from security awareness training? 

(27:37) – How many organizations using M365 have a DR plan in place for ransomware? 

Episode Resources:

Full Ransomware Survey Results

EP12: What We Learned by Asking the Community About Compliance

EP24: The Danger of Malicious OAuth Apps in M365

Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! 

In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy!

Timestamps:

(1:57) – What are malicious OAuth Applications? 

(5:21) – Who can authorize OAuth Applications in a M365 tenant? 

(8:25) – How are malicious OAuth Applications getting past Microsoft Review? 

(14:56) – An example of how a malicious OAuth Application might function in an attack

(17:44) – Mitigation and prevention of malicious OAuth Application attacks 

(25:35) – The M365 Essential Companion Guide eBook 

Episode Resources:

M365 Publisher Verification

M365 Publisher Attestation

M365 App Certification

M365 ACAT Tool

Free eBook ‘Microsoft 365: The Essential Companion Guide’

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

Monthly Threat Report – October 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023.  

The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company’s security culture and its ability to safeguard its vast user base. 

Tune in for more details! 

Episode Resources:

Monthly Threat Report – October 2023

EP23: The Importance of Certification in the Security Space

You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let’s face it, navigating the maze of IT and security certifications available can be a daunting task, making it difficult to figure out which route you need to take.

In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today’s ever-changing cybersecurity landscape. 

Timestamps:

(2:45) – Why is certification important in the Security Space?

(7:28) – What are the benefits of getting certified? 

(11:45) – Vendor-specific certifications 

(16:05) – Are Linux certifications relevant to security professionals? 

(22:21) – What are the most important vendor-agnostic security certifications? 

Episode Resources:

CompTIA Security+

GSEC

Cisco CCNA

CISSP

CISM

CEH

OSCP

Careers at Hornetsecurity (We offer training!)

Andy on LinkedIn, Twitter or Mastodon

Umut on LinkedIn