Your Data Has Moved to the Cloud — Can Your Security Strategy Keep Up?

In today's world, data is the lifeblood of every organization. From intellectual property to employee and customer data to competitive intelligence and more — if your data is stolen, it's your reputation, money, and business on the line. 

But the way we store and interact with data has changed over the years. It's no longer located inside a perimeter, on networks and devices your organization has total control over. These days, data is primarily located in the cloud, like in SaaS apps and private apps. The way users access that data has also changed. The modern workforce is characterized by the desire for flexibility, with users who want to work from anywhere on any device and share information freely. 

This new way of work has provided ample opportunity for attackers to exploit organizations. Big names like Caesar's, MGM, and Twilio have recently suffered high-profile data breaches, all of which had something in common: the attackers didn’t gain access by weaponizing existing vulnerabilities. Instead, they targeted the mobile devices of individuals with access to large or critical data sets using social engineering, and after gaining access to credentials, they leveraged that access to steal data. 

As your organization adapts to this new, more flexible working environment, you must also adopt a new approach to security to match. 

‍

Attackers have changed their tactics, techniques, and procedures — and legacy security strategies aren’t enough 

Because so much of our data has moved to the cloud, the attack surface is now broader and more complex than ever before. In turn, cybercriminals have changed their tactics, and are constantly evolving to take advantage of this new, flexible cloud-based work environment. 

The old approach relies on creating perimeters and controlling network access, and it's designed to work with yesterday's endpoints and operating systems. These legacy solutions assume that attackers are working by weaponizing vulnerabilities, but they simply aren't prepared to recognize and remedy risks like coercive social engineering or atypical user behavior. They also aren't able to defend against threats to data stored outside of corporate networks.

Threat actors are increasingly exploiting the human factor of security, where they can rapidly gain critical access. Namely, they tend to target users with access to large, sensitive data sets, and their weapon of choice is the user’s mobile device, which serves as a digital representation of the individual. The devices contain a treasure trove of information ranging from work email to personal email, mobile phone numbers, social media, and more. Mobile devices are also inherently more vulnerable. It’s easy for attackers to create messages that look trustworthy on mobile, which makes it harder for users to tell if they are being targeted. But most importantly, these mobile devices are the keys with which attackers gain access to that critical data.

Attackers can count on people making mistakes when using their mobile devices, and because nobody's perfect, a small human error can lead to a big enterprise data breach opportunity. Once a malicious actor takes over an account with legitimate credentials, they’re difficult to detect and they can employ new lateral movement strategies, like searching for access credentials within the organization’s productivity suite. 

Since almost everyone now uses their mobile device for work, any organization can fall victim to these attacks. In February 2024, Lookout discovered attackers targeting the Federal Communications Commission (FCC) via mobile devices. They used a carbon copy of a single sign-on page to trick targeted users into sharing usernames, password, password reset URLs, and even photo IDs. And unfortunately, traditional malware-oriented security solutions are blind to these kinds of tactics, techniques, and procedures. 

To defend against modern threats, organizations need to recognize how cybercriminals’ tactics have changed: the perimeter no longer exists, and data is accessed via the cloud, using both managed and unmanaged devices. If you rely on legacy security solutions, you leave the valuable data that flows through this infrastructure exposed and vulnerable. 

‍

A security solution designed for today’s challenges   

Data is at the core of every organization, and Lookout's approach to cybersecurity is designed to protect that data in the modern threat landscape. We understand that people — and human behavior — are central to the challenge of protecting data, and because of that, organizations need total visibility into threats in real time. 

Lookout uses a defense in-depth strategy to address the different stages of a cybersecurity attack. The first layer addresses targeted social engineering — if one employee is targeted with a phishing message, for example, Lookout endpoint detection and response (EDR) can block that attempt on a one-off basis. The second layer addresses an organizational threat. We assess trends and use deep threat intelligence as a warning system to alert organizations whether they are under attack. With that information, we can escalate security measures to stop a breach before it begins.   

And if these first two layers are penetrated, Lookout’s third layer of defense uses the telemetry we’ve collected to detect and stop anomalous behavior and risky data movements. Lookout can intercept and freeze rogue accounts before they do any damage, and our unique approach to data protection can encrypt, redact, and watermark data on any network or device. 

With our data-centric cybersecurity solution, Lookout enables work to flow that way data flows: freely and securely. 

‍