An increasing number of organizations have started using Microsoft’s Office 365 platform, but many haven’t migrated due to security concerns, according to a report published on Thursday by Barracuda Networks.
The study is based on a survey of more than 1,100 organizations of all sizes from North America, Europe, Africa and the Middle East. Nearly two-thirds of respondents said they are using Office 365 and 49% of the remaining organizations plan on migrating. While the number of organizations that started using Office 365 has increased, the adoption rate has declined compared to 2015-2016, when the number of subscriptions doubled.
Nearly 44% of organizations that haven’t moved to Office 365 decided against migrating due to security concerns. Of the companies that plan on migrating, more than 73% said they were concerned about advanced threats in their future Office 365 environment. Nearly 70% of those that have already started using Office 365 are also concerned about sophisticated threats.
More than 86% of respondents are concerned about phishing, impersonation and social engineering attacks, while 92% are concerned about ransomware.
“The very high rates of concern about security—including worries about latent threats, advanced malware, phishing and spear phishing, and especially ransomware—may be the single most important contributing factor to the overall decline in the rate of adoption that the survey revealed,” Barracuda said in its report.
How well are these organizations prepared to handle potential attacks? Only one-third of respondents said they have a third-party security solution designed to protect them against phishing and other social engineering attacks, and 69% said they provide training for their employees.
Despite the fact that email has been one of the main ransomware delivery vectors, more than half of respondents don’t use DMARC or DKIM/SPF, protocols designed to detect and prevent email spoofing.
Microsoft offers its own security service for Office 365, Advanced Threat Protection (ATP), but only 15% of respondents said they use it. On the other hand, many are either using or are planning on using third-party solutions for Office 365 security, archiving and backup.
“Overall, respondents reported significant doubts about the effectiveness of native security and other features of Office 365. In particular, they had concerns about these features’ ability to protect them effectively against ransomware, phishing, and spear-phishing or social-engineering attacks,” Barracuda said.