Microsoft Defender Email Security Benchmark Shows 23% YoY Rise in Phishing & Credential‑Theft Attempts
What Happened — Microsoft published a year‑long benchmark of Defender for Office 365 telemetry, revealing that phishing emails targeting Office 365 users grew 23% compared with the prior year and that compromised credentials remained the top vector for successful attacks. The report also notes a steady increase in malicious attachment delivery and business‑email‑compromise (BEC) attempts.
Why It Matters for Compliance & Audit Readiness
- SOC 2 CC6.2 (Logical Access) and CC7.1 (Security Awareness) require documented controls that prevent credential‑theft and phishing‑driven breaches; the benchmark quantifies the threat you must prove you’re mitigating.
- Continuous evidence of email‑filtering effectiveness and user‑training outcomes is essential audit evidence for the “Security” principle.
- Verisq’s Security Awareness capability can ingest these threat metrics and automatically map training completion and phishing‑simulation results to SOC 2 controls, creating a defensible audit trail.
Who Is Affected – Enterprises that rely on Microsoft 365/Office 365 for email, spanning finance, healthcare, technology, and government sectors.
Recommended Actions
- Map your email‑security controls (filtering, DMARC, SPF/DKIM) to SOC 2 CC6.2 and capture logs as continuous evidence.
- Deploy a formal security‑awareness program that includes phishing simulations; record completion rates and post‑test scores for audit review.
- Integrate threat‑intel feeds (e.g., Microsoft’s benchmark data) into your SOC 2 risk‑assessment process to keep the threat model current.
Source: Microsoft Security Blog
Technical Notes – Attack vectors highlighted: phishing emails, malicious links/attachments, credential‑theft via credential‑phishing, and BEC. No specific CVEs were disclosed; data reflects aggregated telemetry across Microsoft Defender for Office 365 customers. Source: same as above