Let’s check the security level of the organization’s network environment.
It has long been known that the majority of digital security breaches rely on well-known techniques, vulnerabilities and software: people clicking on unknown links, no efficient update policy, and so on. There is no golden mean in cybersecurity.
Vectra, a pioneer of the new generation of network security solutions, conducted a survey among 1,000 representatives of IT departments.
The study had 2 interesting parameters:
- Each organization is in the process of migrating to the full use of SaaS software – MS Office 365 – and it was this platform and its security that were the subject of the study,
- Most of the organizations used Multi-Factor Authentication in line with good industry practice.
The main conclusions are as follows:
- 97% extended their use of Microsoft Office 365 as a result of the pandemic,
- 88% had plans to move to the cloud, and the pandemic only accelerated the digital transformation,
- 71% experienced an average of 7 account takeovers of authorized users in the last 12 months,
- Over 80% of respondents admitted that the risk of an IT security breach in their own organization has increased significantly over the last year,
- Nearly 60% say that the gap between the skills and tools of hackers and those of security departments is widening to the detriment of defenders,
- 96% of customers showed suspicious behavior indicating internal propagation in Office 365 accounts.
Despite the unquestionable opportunity to audit cybersecurity assumptions in connection with the transformation, it should also be remembered that adopting cloud services, even ones as popular as Microsoft Office 365, poses great challenges.
1. Maintaining a future-proof architecture alongside the availability of legacy systems – this increases the attack surface available to the enemy. For example, running Azure AD in hybrid mode includes:
- protection against older on-prem Active Directory attacks
- protection against newer generation of attacks on Azure AD
- protection against a third class of attacks inherited from having to handle both at the same time and keeping the two services synchronized
Digital transformation not only burdens the organization’s technical resources; it creates entirely new loopholes for enemies to exploit.
2. Setting a new point of reference – the so-called baseline for ‘normal work’ behavior that does not threaten resources. Noise and uncertainty are present in enormous amounts as you travel along the digital transformation curve. We mentioned above that 96% of the customers in the Vectra report showed suspicious internal propagation behavior in their Office 365 accounts. This number of alerts would not have been possible to parse without AI or machine learning to sort signal from noise.
3. Public cloud is a huge attack surface – this becomes obvious when you consider that in the cloud, attackers use predefined APIs that conveniently exchange things such as access and permissions across different regions, and that these calls can be chained for fast execution on a large scale.
How can we fix it?
60% of respondents use a combination of people and technology – what we call “enhanced intelligence.” Security departments use automation to manage incidents below a certain level and prioritize tasks for analysts at each support layer. Thanks to this approach – assisted by artificial intelligence – the already limited resources are optimally used. This is confirmed by the respondents themselves, pointing to Vectra as the cause of changes for the better.
As specialists in the implementation of next-generation technologies, we support organizations in digital transformation. This includes identifying the tasks at which security analysts excel (e.g. contextual analysis) and those best suited to algorithms (e.g. screening large data sets), and then building efficient security policies and incident response plans from them.