HomeIntelligenceBrief
BREACH BRIEF⚪ Informational ThreatIntel

Microsoft Defender Email Security Benchmark Shows 23% YoY Rise in Phishing & Credential‑Theft Attempts

Microsoft’s year‑long Defender for Office 365 telemetry reveals a 23% increase in phishing emails and continued credential‑theft activity. For SOC 2‑compliant organizations, the data underscores the need for documented email‑filtering controls and security‑awareness programs to meet audit requirements.

LiveThreat™ Intelligence · 📅 June 15, 2026· 📰 microsoft.com
Severity
Informational
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
microsoft.com

Microsoft Defender Email Security Benchmark Shows 23% YoY Rise in Phishing & Credential‑Theft Attempts

What Happened — Microsoft published a year‑long benchmark of Defender for Office 365 telemetry, revealing that phishing emails targeting Office 365 users grew 23% compared with the prior year and that compromised credentials remained the top vector for successful attacks. The report also notes a steady increase in malicious attachment delivery and business‑email‑compromise (BEC) attempts.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 CC6.2 (Logical Access) and CC7.1 (Security Awareness) require documented controls that prevent credential‑theft and phishing‑driven breaches; the benchmark quantifies the threat you must prove you’re mitigating.
  • Continuous evidence of email‑filtering effectiveness and user‑training outcomes is essential audit evidence for the “Security” principle.
  • Verisq’s Security Awareness capability can ingest these threat metrics and automatically map training completion and phishing‑simulation results to SOC 2 controls, creating a defensible audit trail.

Who Is Affected – Enterprises that rely on Microsoft 365/Office 365 for email, spanning finance, healthcare, technology, and government sectors.

Recommended Actions

  • Map your email‑security controls (filtering, DMARC, SPF/DKIM) to SOC 2 CC6.2 and capture logs as continuous evidence.
  • Deploy a formal security‑awareness program that includes phishing simulations; record completion rates and post‑test scores for audit review.
  • Integrate threat‑intel feeds (e.g., Microsoft’s benchmark data) into your SOC 2 risk‑assessment process to keep the threat model current.

Source: Microsoft Security Blog

Technical Notes – Attack vectors highlighted: phishing emails, malicious links/attachments, credential‑theft via credential‑phishing, and BEC. No specific CVEs were disclosed; data reflects aggregated telemetry across Microsoft Defender for Office 365 customers. Source: same as above

📰 Original Source
https://www.microsoft.com/en-us/security/blog/2026/06/15/microsoft-defender-email-security-benchmarking-key-insights-from-one-year-of-data/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →