71 percent of Office 365 users suffer malicious account takeovers
New research from network detection and response company Vectra AI shows that 88 percent of companies have accelerated their cloud and digital transformation projects due to COVID-19.
But it also finds that 71 percent of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user's account, not just once, but on average seven times in the last year.
Worryingly only one in three security professionals believe they could identify and stop an account takeover attack immediately, the majority expecting to take days or even weeks to intercept such a breach.
Tim Wade, technical director of the CTO team at Vectra, says, "We're regularly seeing identity-based attacks being used to circumnavigate traditional perimeter defences like multi-factor authentication (MFA). Account takeovers are replacing phishing as the most common attack vector and MFA defenses are speed bumps not forcefields. Organizations need to take this seriously and plan to detect and contain account compromise before a material disruption of their business occurs -- malicious access, even for a short period of time, can do a tremendous amount of damage."
There is a high level of confidence amongst security teams in the effectiveness of their own company's security measures. Nearly four out of five claim to have good or very good visibility into attacks that bypass perimeter defences like firewalls.
However, there is an interesting contrast in opinions between management level respondents and practitioners such as SOC analysts, with managers showing much greater confidence in their defensive abilities. Overall, the top security concerns cited by Microsoft Office365 customers are the risk of compromise of data held in the cloud, the risk of account take-over and the ability of hackers to use living-of-the-land attacks to hide their tracks.
"The tendency for managers to be significantly more confident that those working at the coalface suggests that there is a level of self-delusion going on here," Wade adds. "Perhaps it's because the metrics that are being shared with senior management often focus more on the volume of attacks stopped rather than the severity of the attack or the number of investigations that reach a firm conclusion. Whatever the reason it's important not to be complacent and remain constantly vigilant of new types of attacks."
You can find out more in the full report available from the Vectra site.