Article by Chris Fisher, director of security engineering for APJ at Vectra AI.
Amid the global pandemic, one of the largest containment measures implemented worldwide was the mass shift to remote working. That shift in turn accelerated the adoption of hybrid cloud as organisations sought to improve business agility and respond to changing customer needs.
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.
Gartner has forecast that Australian organisations will spend more than A$4.9 billion on enterprise information security and risk management products and services in 2021. Similarly, the Australian government's Cyber Security Strategy plans to invest A$1.67 billion over ten years to achieve a more secure online world for its citizens. Meanwhile, almost a million New Zealanders are reported to fall victim to cybercrime each year, at a considerable cost to businesses.
The reality is that cloud and digital transformation still present transitional gaps, and adversaries benefit from the same speed and scale of cloud that organisations do. With many organisations increasing their cloud software usage, Microsoft continues to dominate the productivity space with 115 million daily active users.
However, Vectra AI's new research revealed that 71% of Microsoft Office 365 deployments suffered an average of seven malicious account takeovers in the 12 months to February 2021. That roughly seven in ten companies have experienced hostile account takeover attacks highlights the need to track and secure identities as they move from on-prem to the cloud.
The confidence security decision-makers display in their ability to prevent account takeover attacks stands in stark contrast to the rising number of attacks and long dwell times. Just one in three security professionals believe they could immediately identify and stop an account takeover attack; the majority expect it to take days or even weeks to intercept such a breach.
With the new work-from-home paradigm, the proliferation of data-driven applications, and the advancement of technologies such as artificial intelligence (AI) and the Internet of Things (IoT) in the enterprise, cyber-criminals are also using more advanced tools and sophisticated methods to attack organisations and breach privacy. User account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation's network: a compromised account inherits the legitimate user's access and blends in with normal activity.
Bridging the knowledge gap
Constantly evolving threats mean around-the-clock effort and highly specialised skills are needed to bolster enterprise cybersecurity, particularly within a hybrid cloud environment. Most organisations have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on already limited resources.
At a time when remote working is here for the long term, and the attack surface (such as personal devices) and threat landscape (new vulnerabilities) keep widening, building a security-minded culture becomes a collective responsibility.
Approximately 96% of ANZ survey respondents indicated their organisation's cybersecurity risk had increased in the 12 months to February 2021 due to increased Microsoft Office 365 usage during the pandemic disruption. The primary security concern now is the risk of data being compromised and attackers' ability to hide their tracks using legitimate Microsoft tools, such as Power Automate and eDiscovery. Because these tools are sanctioned and in daily use, their presence cannot simply be blocked or treated as malicious; what matters is who is using them, from where, and what sign-in activity preceded that use.
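To make that point concrete, the following Python is an added example written for this page (it is not Vectra's product logic or Microsoft code). It correlates a sign-in from a previously unseen IP with subsequent use of eDiscovery, Power Automate and inbox rules by the same account, and orders the results for triage. The events, field names (CreationTime, UserId, Operation, Workload, ClientIP, ResultStatus), operation names and weights are all constructed assumptions for illustration; they follow the general shape of Office 365 audit records but should be checked against your own tenant's export before reuse.

```python
"""Correlate anomalous Office 365 sign-ins with later use of legitimate tools
(eDiscovery, Power Automate, inbox rules) and rank the results for triage.

All events below are constructed for this example. Field and operation
names are assumptions modelled on the general shape of Unified Audit Log
records, not a guaranteed schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative weights for follow-on actions after an anomalous sign-in.
SENSITIVE_OPS = {
    "SearchCreated": 40,   # eDiscovery / content search started
    "CreateFlow": 30,      # Power Automate flow created
    "New-InboxRule": 40,   # mailbox rule (hide or forward mail)
}
ANOMALOUS_SIGNIN_WEIGHT = 30
FOLLOW_ON_WINDOW = timedelta(hours=24)

# Constructed sample: baseline period, then a detection window in which
# alice signs in from a new IP and immediately uses eDiscovery and Flow,
# bob uses Flow from his usual IP, and carol signs in from a new IP only.
BASELINE_END = datetime(2021, 2, 1)
SAMPLE_EVENTS = [
    {"CreationTime": "2021-01-20T09:00:00", "UserId": "alice@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "198.51.100.10", "ResultStatus": "Success"},
    {"CreationTime": "2021-01-21T09:00:00", "UserId": "bob@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "198.51.100.11", "ResultStatus": "Success"},
    {"CreationTime": "2021-01-22T09:00:00", "UserId": "carol@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "198.51.100.12", "ResultStatus": "Success"},
    # A failed attempt must not add the attacker's IP to the baseline.
    {"CreationTime": "2021-01-30T03:00:00", "UserId": "alice@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "203.0.113.7", "ResultStatus": "Failed"},
    {"CreationTime": "2021-02-10T08:00:00", "UserId": "alice@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "203.0.113.7", "ResultStatus": "Success"},
    {"CreationTime": "2021-02-10T08:30:00", "UserId": "alice@example.com", "Operation": "SearchCreated", "Workload": "SecurityComplianceCenter", "ClientIP": "203.0.113.7", "ResultStatus": "Success"},
    {"CreationTime": "2021-02-10T09:00:00", "UserId": "alice@example.com", "Operation": "CreateFlow", "Workload": "PowerAutomate", "ClientIP": "203.0.113.7", "ResultStatus": "Success"},
    {"CreationTime": "2021-02-10T09:00:00", "UserId": "bob@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "198.51.100.11", "ResultStatus": "Success"},
    {"CreationTime": "2021-02-10T09:15:00", "UserId": "bob@example.com", "Operation": "CreateFlow", "Workload": "PowerAutomate", "ClientIP": "198.51.100.11", "ResultStatus": "Success"},
    {"CreationTime": "2021-02-11T22:00:00", "UserId": "carol@example.com", "Operation": "UserLoggedIn", "Workload": "AzureActiveDirectory", "ClientIP": "203.0.113.9", "ResultStatus": "Success"},
    # Outside the 24h window after alice's anomalous sign-in: not counted.
    {"CreationTime": "2021-02-12T10:00:00", "UserId": "alice@example.com", "Operation": "New-InboxRule", "Workload": "Exchange", "ClientIP": "203.0.113.7", "ResultStatus": "Success"},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def build_ip_baseline(events, baseline_end):
    """Known sign-in IPs per user, from successful logins before baseline_end."""
    known = defaultdict(set)
    for e in events:
        if (e["Operation"] == "UserLoggedIn" and e["ResultStatus"] == "Success"
                and _ts(e["CreationTime"]) < baseline_end):
            known[e["UserId"]].add(e["ClientIP"])
    return known


def detect_takeover_candidates(events, baseline_end):
    """Return alerts (highest score first) for sign-ins from unseen IPs,
    scored by the sensitive operations that follow within FOLLOW_ON_WINDOW."""
    known = build_ip_baseline(events, baseline_end)
    by_user = defaultdict(list)
    for e in events:
        if _ts(e["CreationTime"]) >= baseline_end:
            by_user[e["UserId"]].append(e)

    alerts, seen = [], set()
    for user, evs in by_user.items():
        evs.sort(key=lambda e: _ts(e["CreationTime"]))
        for i, e in enumerate(evs):
            if e["Operation"] != "UserLoggedIn" or e["ResultStatus"] != "Success":
                continue
            if e["ClientIP"] in known[user] or (user, e["ClientIP"]) in seen:
                continue  # known IP: tool use alone is not the signal
            seen.add((user, e["ClientIP"]))
            t0 = _ts(e["CreationTime"])
            follow_on = [f["Operation"] for f in evs[i + 1:]
                         if f["Operation"] in SENSITIVE_OPS
                         and _ts(f["CreationTime"]) - t0 <= FOLLOW_ON_WINDOW]
            score = ANOMALOUS_SIGNIN_WEIGHT + sum(SENSITIVE_OPS[op] for op in follow_on)
            alerts.append({"user": user, "signin_ip": e["ClientIP"],
                           "signin_time": e["CreationTime"],
                           "follow_on": follow_on, "score": score})
    alerts.sort(key=lambda a: a["score"], reverse=True)
    return alerts


if __name__ == "__main__":
    for a in detect_takeover_candidates(SAMPLE_EVENTS, BASELINE_END):
        print(f"{a['score']:>4}  {a['user']}  {a['signin_ip']}  {a['follow_on']}")
```

Bob's flow creation from his usual IP produces no alert, which is the point: the sensitive tool is the same in all three cases, and only the sign-in context separates attacker from employee. The score ordering is a deliberately simple stand-in for the prioritisation a SOC would want; a production detection would also consider geolocation, device and token anomalies, and would widen the window for slower-moving attackers.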
Senior leadership teams in any industry may be guilty of assuming that cybersecurity issues are the sole remit of their firm’s cybersecurity team. But that is no longer true in a digital economy, when data breaches or DDoS attacks can damage business, reputation and customer loyalty. Building digital trust comprises an entire ecosystem — from suppliers to customers, business partners to employees, and so much more.
To better protect an organisation from internal and external threats, here are some best practice tips:
Apply a mix of subject matter experts and technology
Investing in tools alone is not enough; organisations also need to build knowledge and establish stringent governance frameworks. That is where vendors with genuine cybersecurity expertise add value, helping organisations draw on that expertise and on intelligent, AI-driven detection tools to gain deep visibility into security and compliance gaps.
Understand the threat landscape
It is imperative that organisations genuinely understand their new enterprise network. Network perimeters vanished during 2020 as organisations shifted to the cloud; that does not mean the network itself has vanished. The modern enterprise network now spans the data centre, IaaS, SaaS and PaaS.
The enterprise must have visibility into all of these and be able to track attackers as they pivot between them. Viewing each in isolation only creates blind spots and hands attackers dwell time in which to hide. Organisations must build detection and response capabilities that cover every one of these environments and follow attacker behaviour as it moves laterally across them.
Prioritise and respond at speed and scale
It is critical that enterprises not only identify attackers as they pivot through the modern network, but also respond rapidly and consistently across every stack, be that IaaS, SaaS, PaaS or the data centre.
The only way to achieve this at scale is to prioritise incidents using AI and automation. That gives the limited capacity of the SOC the best chance of driving down metrics such as mean time to remediation, reducing the impact of an attacker and the risk of a widespread breach.
Building a secure organisation for the future
Research has found that countries with established digital economies, including Australia, Japan, Singapore and New Zealand, have the highest exposure to cyber-risk. With talent scarce, many organisations struggle with experience shortfalls in their cybersecurity team.
Unless security investment goes into response capabilities, the gap between attacker and responder will continue to grow. How quickly and effectively an organisation identifies an attack and responds to a breach will determine who succeeds in this fast-changing time.