We’re all a lot more conscious of cyber crime these days, but “conscious” and “prepared” really are two different things. Many people still have no idea how these criminals operate, and due to a huge spike in sophistication, they are deceiving people in massive numbers. It’s so tempting to think, “well, why would they be interested in me?” – the fact is, you’re exactly who they’re looking for.
So we generally try to protect ourselves by making sure we have a really good Antivirus/Antimalware package installed and a firewall switched on (maybe). But what about your cloud data? Just like you would protect data at your own office, you need to protect your data in the cloud. Working with – and in – the cloud is fantastic. It gives access to a huge range of products and services which can massively boost productivity, but along with that comes lots of data in the cloud, data that you likely don’t want others to have access to, data that’s at risk of being exposed if not properly protected.
This is where the danger lies. When working in the cloud, there will always be a “Super Admin” or “Global Administrator” who has super powers! In systems such as Google Workspace and Microsoft 365, this “Super User” has the rights to do whatever they want. That is the purpose of the account, but it is incredibly dangerous in the wrong hands.
In a properly managed environment, that Super User would rarely be used and would be well protected with various levels of conditional access applied. Where things get really risky is when the environment is not being managed. For example, a business owner decides to set up Microsoft 365 themselves, directly with Microsoft. This is fairly easy to do and they can be up and running quite quickly. The trouble is, they don’t really know what they’re doing. IT is not their business. They set up the account directly with Microsoft in their own name. Microsoft has to assign a Global Administrator (Super User) to someone, so they assign it to the first user created: the business owner in this case.
Now the business owner goes about using their new account for email, storing documents in OneDrive and SharePoint, using Teams, getting the most from their subscription. Then their password and their 2FA token are phished and a bad actor has access directly to their Microsoft 365 account – which is a Global Administrator. Now the hacker has complete control of the entire Microsoft 365 tenant as a Global Administrator and can do anything they like.
This even happens in a badly managed environment, where there are too many users with Global Administrator rights and no one notices. This leaves multiple accounts vulnerable, with catastrophic consequences in the event of a compromise.
The moral of the story is – if you’re not sure what you’re doing, or if you aren’t sure that everything is properly secured, ask a professional to review it and advise on how to protect yourself properly. Don’t take the risk of doing it yourself and assuming it will be alright. Unfortunately, it won’t!