True North Networks Blog
Has Microsoft Office 365 Beat Phishing?
Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, has something to say about that...
"Microsoft recently announced a big update to their Microsoft Office 365 (O365) anti-phishing technical capabilities. According to Microsoft, their “miss phish catch rate” is down to near zero, beating all other O365 anti-phish competitors by orders of magnitude.
Has Microsoft Office 365 (O365) got phishing beat? Well, I wouldn’t get rid of your security awareness training just yet.
I think I have an interesting perspective. Until recently, I worked for Microsoft for over a decade and I still love the company, its people, and products. Microsoft security really is the best in the world. I’m also a long-term O365 user for my private side work company. I’m now the data-driven defense evangelist for KnowBe4, the world’s largest security awareness training vendor.
I moved from Microsoft to KnowBe4 because I wanted to dedicate the remaining years of my computer security career to making the biggest impact in computer security possible. This isn’t hyperbole. Social engineering and phishing have been the number one way that malicious data breaches happen for over a decade.
If you want to have the biggest impact minimizing computer security risk you might as well jump into the lion’s den. And today, that means fighting social engineering and phishing.
From within Microsoft, I saw how hard Microsoft tried to stop phishing emails for its O365 customers. Microsoft didn’t like that a majority of its large O365 customers felt the need to purchase additional email protection. Every third-party anti-phishing purchase was a sign that Microsoft, itself, wasn’t doing enough to stop phishing.
It took years, but if you trust Microsoft’s data (and I have no reason to distrust it right now), it looks like Microsoft O365 has some pretty solid anti-phishing results. According to their own data, phishing emails that escape detection and prevention are near zero percent. In fact, it’s hard to tell if their graphed data is saying exactly 0 percent or just above 0 percent. It’s that close, graphically.
The question some observers might have is if security awareness training is still worth the cost if Microsoft has “beat” phishing?"