Data access: Copilot for Microsoft 365’s big issue
Many of the potentially serious security issues with Copilot start with what kind of access the genAI tool is given to company data, and how that access can be misused by hackers or by people inside the company.
Ivan Fioravanti, founder and CTO of CoreView, which focuses on the configuration and security of Microsoft 365 management, notes in a blog post that when a company installs Copilot for Microsoft 365, Copilot receives the same model of permissions to access data that is already in the Microsoft 365 environment. That model, he says, is designed to ensure that “only authorized users can access sensitive information.”
However, there are security gaps that can be easily missed. Fioravanti warns that dangerous Copilot configuration settings can be enabled by default. These settings could give Copilot “access to sensitive data without proper safeguards in place. Default settings can allow Copilot to interact with external plugins and access web content, introducing new areas of attack.”