searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • (IN)SECURE Magazine

Featured news

  • Facebook Messenger users targeted by a large-scale scam
  • Product showcase: Accurics
  • Consumer data protection is a high priority, but there’s still work to be done
  • CISO’s guide to automating third-party cyber risk management
  • Even though critical, web application security is getting less attention
Help Net Security
Help Net Security
March 19, 2021
Share

3 in 4 companies have experienced account takeover attacks in the last year

The COVID-19 pandemic has accelerated cloud migration and digital transformation amongst 88% of companies and that 71% of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user’s account, not once, but on average seven times in the last year, Vectra reveals.

account takeover

The fact that 3 in 4 companies have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on prem to the cloud. Just one in three security professionals believe they could identify and stop an account takeover attack immediately, the majority expect to take days or even weeks to intercept such a breach.

These challenges faced by defenders mirror the findings of a report which tracked the behaviour of four million Microsoft Office 365 customers over 90 days and discovered that 96% of networks exhibited suspicious lateral movement behaviour and that account takeovers were at the top of the list of methods used by attackers to move laterally between the cloud and network.

Tim Wade, Technical Director of the CTO team at Vectra, comments, “We’re regularly seeing identity-based attacks being used to circumnavigate traditional perimeter defences like multi-factor authentication (MFA). Account takeover is replacing phishing as the most common attack vector and MFA defenses are speed bumps not forcefields.

“Organizations need to take this seriously and plan to detect and contain account compromise before a material disruption of their business occurs – malicious access, even for a short period of time, can do a tremendous amount of damage.

Managers and practitioners’ perception of their risk exposure

However, the survey also reveals a high level of confidence amongst security teams in the effectiveness of their own company’s security measures: nearly 4 in 5 claim to have good or very good visibility into attacks that bypass perimeter defences like firewalls. Yet there is an interesting contrast of opinions between management level respondents and practitioners such as Security Operations Center (SOC) analysts, with managers exhibiting much greater confidence in their defensive abilities.

Overall, the top security concerns cited by Microsoft Office 365 customers are the risk of compromise of data held in the cloud, the risk of account takeover and the ability of hackers to use living-of-the-land attacks to hide their tracks.

Kevin Orritt, ICT Security Manager at Greater Manchester Mental Health NHS Foundation Trust commented: “It’s interesting to see the differences between managers and practitioners’ perception of their risk exposure. Senior managers invest a fortune in technology and think they’ve ticked the security box. While the investment is certainly welcome and helps us reduce risk, in reality it isn’t that simple.

“We still need the people to be able to interpret and action the alerts and make sure that we’re actually measuring the right things. We’re all aware of the problem of skills shortage within the security industry. Attack vectors are constantly changing and security teams need to be sure they’re able to adapt to prevent, defend and mitigate an increasing array of attack vectors with security teams that are being stretched to the limits.”

He continued: “Within the healthcare sector we’ve seen a huge acceleration of the journey towards digital transformation. I’d say our own Foundation Trust has speeded up its move to the cloud by at least two years. The introduction of virtual consultations using Microsoft Teams has been a massive boon during the pandemic and it’s here to stay even after lockdown ends. The speed with which the healthcare industry was forced to make the move to the cloud at the beginning of the pandemic and the increased demand for our services, means that inevitably we’ve had to deal with new security vulnerabilities along the way.

“Attackers have also moved their focus to the cloud to gain a foothold into the organization and then move laterally into the network. Like many healthcare organizsations we’ve seen a sharp rise in spear phishing attacks during the last year, so it’s vital that security professionals don’t get complacent and remain on high alert, as remote working is definitely here to stay and so too are the hackers.”

Gap between attackers and defenders is widening

Wade comments: “The tendency for managers to be significantly more confident that those working at the coalface suggests that there is a level of self-delusion going on here. Perhaps it’s because the metrics that are being shared with senior management often focus more on the volume of attacks stopped rather than the severity of the attack or the number of investigations that reach a firm conclusion. Whatever the reason it’s important not to be complacent and remain constantly vigilant of new types of attacks.”

The findings also reveal that 58% of security professionals say the gap between attackers and defenders is widening. The shift to cloud, and adoption of remote working has heightened the threat of cyber attacks, with four in five security professionals saying that cybersecurity risks have increased in the last twelve months.

Other key findings

  • IoT/Connected devices and identity-based attacks are the top two security concerns for 2021
  • 58% of businesses plan to invest more money in people and technology and 52% will invest in AI and automation in 2021
  • The biggest frustration with existing security solutions it the amount of time needed to manage them
  • The best thing about their roles as security professionals is the satisfaction of stopping attacks and protecting their companies, whilst frustration at end user’s lack of understanding of cybersecurity remains the biggest frustration.
More about
  • account hijacking
  • coronavirus
  • cyberattack
  • cybersecurity
  • digital transformation
  • Office 365
  • report
  • survey
  • threats
  • trends
  • Vectra
Share this
zero

Approaching zero trust security strategically

  • Product showcase: Accurics
  • Digital business requires a security-first mindset
CISO’s guide to automating third-party cyber risk management

What's new

Facebook

Facebook Messenger users targeted by a large-scale scam

Panorays guide

CISO’s guide to automating third-party cyber risk management

zero

Approaching zero trust security strategically

lock

Consumer data protection is a high priority, but there’s still work to be done

Don't miss

Facebook

Facebook Messenger users targeted by a large-scale scam

zero

Approaching zero trust security strategically

Accurics

Product showcase: Accurics

lock

Consumer data protection is a high priority, but there’s still work to be done

Panorays guide

CISO’s guide to automating third-party cyber risk management

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • Twitter

In case you’ve missed it

  • Securing an online marketplace through the COVID-19-fueled boom
  • How do I select an attack detection solution for my business?
  • Zero Trust creator talks about implementation, misconceptions, strategy
  • How do I select a bot protection solution for my business?

(IN)SECURE Magazine ISSUE 68 (March 2021)

  • Physical cyber threats: What do criminals leave when they break in?
  • Review: Group-IB Fraud Hunting Platform
  • Tips for boosting the “Sec” part of DevSecOps
Read online
© Copyright 1998-2021 by Help Net Security
Read our privacy policy | About us | Advertise