Since the arrival of the global pandemic, many organisations adopted remote working models and accelerated their cloud migration and digital transformation efforts. As many as 88% have also opted for remote storage solutions. This has, however, increased their risk of being targeted by cyber criminals as well.
A survey conducted by Silicon Valley-headquartered AI-driven network detection and response leader Vectra has shed light into the extent to which corporate employees have been targeted by cyber criminals since the pandemic forced offices to shut worldwide.
The survey, which gathered responses from over a thousand security professionals using Office 365 products in mid to large-sized organisations in government, finance, retail, manufacturing, healthcare, education, and pharmaceuticals sectors, found that since the pandemic arrived, at least 71% of their organisations suffered an account takeover of a legitimate user’s account.
What’s more, the survey also found that the average security professional suffered a successful account takeover at least seven times in the past year. The serious success enjoyed by hackers can also be gauged by the fact that successful account takeovers affected 75% of organisations whose employees participated in the survey. This indicates that affected organisations sufferred a barrage of account takeover attempts from hackers who exploited holes in their IT security protocols.
Organisations unable to address account takeovers quickly enough
A successful account takeover gives hackers access to sensitive corporate data, intellectual property, a peek into organisational finances, and the personal information of employees and customers. The longer a hacker enjoys control over a legitimate account, the more damage they can inflict on the organisation. As such, it is vital for organisations to quickly deal with unauthorised account takeovers as soon as they are detected.
However, the truth is far from what should ideally be the case. Only 33% of security professionals are confident about identifying and stopping an account takeover attack immediately. For most security professionals, this could take days or even weeks to address. This indicates that in most cases, hackers have enough time on their hands to access and exfiltrate vast amounts of data before their access is discovered or closed.
“We’re regularly seeing identity-based attacks being used to circumnavigate traditional perimeter defences like multi-factor authentication (MFA). Account takeovers are replacing phishing as the most common attack vector and MFA defenses are speed bumps, not forcefields. Organisations need to take this seriously and plan to detect and contain account compromise before a material disruption of their business occurs – malicious access, even for a short period of time, can do a tremendous amount of damage,” says Tim Wade, technical director of the CTO team at Vectra.
Despite such high levels of exposure, a majority of security teams are highly confident about the effectiveness of their security protocols. Nearly 80% of them told Vectra that they have good or very good visibility into attacks that bypass the perimeter defenses such as firewalls. The confidence is, however, more pronounced among managers than practitioners such as Security Operations Center (SOC) analysts.
Security teams at organisations that use Microsoft Office 365, however, do admit that they are concerned about the risk of compromise of data held in the cloud, the risk of account takeover, and the ability of hackers to use living-of-the-land attacks to hide their tracks.
“It’s interesting to see the differences between managers and practitioners’ perception of their risk exposure. Senior managers invest a fortune in technology and think they’ve ticked the security box. While the investment is certainly welcome and helps us reduce risk, in reality it isn’t that simple,” says Kevin Orritt, ICT Security Manager at Greater Manchester Mental Health NHS Foundation Trust.
“We still need the people to be able to interpret and action the alerts and make sure that we’re actually measuring the right things. Attack vectors are constantly changing and security teams need to be sure they’re able to adapt to prevent, defend and mitigate an increasing array of attack vectors with security teams that are being stretched to the limits.
“Attackers have also moved their focus to the cloud to gain a foothold into the organisation and then move laterally into the network. Like many healthcare organisations, we’ve seen a sharp rise in spear-phishing attacks during the last year, so it’s vital that security professionals don’t get complacent and remain on high alert, as remote working is definitely here to stay and so too are the hackers,” he adds.