Even with widespread multi-factor authentication adoption, 71% of enterprises still experienced SaaS account takeovers over the last year. Despite that, close to 90% have accelerated their cloud and digital transformation. For a view into the past, present and future of that journey, we surveyed more than 1,000 security decision makers in mid to large enterprises using Microsoft Office 365.
Over 80% of respondents acknowledged that their own organisation’s cybersecurity risks had increased over the last year, and close to 60% specifically felt the gaps between their defensive capabilities and their adversaries’ offensive capabilities were widening, threatening to leave them further behind in what has already felt like a losing arms race.
At a minimum, even as defenders acknowledge opportunities and evolution, they recognise that cloud and digital transformation involves transitional gaps, organisational noise, and opportunities for adversaries to benefit from the speed and scale of the cloud during the transition.
First, technology transitions at enterprise scale often require maintaining a forward-looking architecture while keeping legacy systems available. Unfortunately, this increases the attack surface available to an adversary.
When it comes to transitional periods like this, enterprise defenders need to be prepared to rip the band-aid off and support IT in the task of accelerating the migration to the desired future state while understanding the posture implications and how to prioritise risk and remediation. Drawing out the transition does not just strain the organisation’s technical resources; it creates fundamentally new gaps for adversaries to exploit.
Second, cloud transformation involves baselining into the new normal, but finding that behavioural baseline is messy, noisy, and prone to uncertainty and unfamiliarity for defenders. Meanwhile, noise and uncertainty are conditions that adversaries excel at exploiting, and they are available in spades on this transformative journey.
The Vectra Spotlight Report on Office 365 found 96% of customers exhibited suspicious lateral movement behaviours in Office 365 accounts. This volume of alerts would be impossible to analyse without the application of artificial intelligence or machine learning to sort signal from noise.
Fortunately, 60% of respondents specifically are applying a mix of subject matter experts and technology to tackle this problem over the next year. This is a good sign, and prudent defenders will identify the tasks in which they excel (for example, contextualising behaviours) and those best suited for machines (for example, sifting through large sets of noisy data).
Third, the cloud does not just enable businesses to operate at speeds and scales previously unattainable; it provides those benefits to adversaries as well. Unless security investments are made into response capabilities, the gap in security capabilities will grow.
Likely this is why over 50% of respondents planned investments in automation and orchestration over the next year; however, response is only half of the story. Without a high-fidelity signal to cue the response, authorised users may themselves be victims of both adversaries and overzealous defensive automation.
This is another example of where organisations would be wise to invest in actionable, AI/ML-enhanced detections of attacker behaviours as a conduit into downstream orchestration.
Still, despite these challenges, the future is bright for organisations willing to go on this journey. As a transformational force, the cloud is powerful. It is fundamentally reshaping business even as it enables security modernisation like never before.
Ammar Enaya of Vectra AI shares Microsoft Office 365 and cloud security insights and reasons for optimism despite risks.