The latest statistics are in: a business email compromise costs an organization, on average, $1.03 million for the costliest attacks, and is growing.

While multi-factor authentication, stronger password requirements, automated password protection tools, increased security awareness, and other factors have increased our ability to protect the business, the arms race between the proverbial “red” vs “blue” team is ever evolving. These controls take a huge amount of attack surface off the field, but novel ways around them and new ways altogether are constantly being researched and used in the real world.

Come and learn about these new approaches that both we as security testers and the real bad guys are using to breach organizations and invade their privacy.

Learning Objectives:

  • Why MFA is not a set and forget control
  • Why your email security solution is not a set and forget control
  • Why your MS Teams configuration is not secure by default
  • How Microsoft exposes insecure features when you setup your Azure/M365 tenant
  • How OneNote malware is the new Office Macro attack
  • The lesser known “dual use” products that Microsoft 365 exposes for attackers to use against you
  • How a successful phishing attack is often only a phone call away
  • How to protect you organization from these vulnerabilities
  • Much more!