The SolarWinds hack of December 2020 has deeply reinforced the growing realization among security practitioners that risks can spread easily across trusted applications in today's multi-cloud, collaboration-centric environment.
The fact that the initial hack leveraged a compromised Office 365 email account, and subsequently allowed attackers to compromise the accounts of targeted SolarWinds personnel in business and technical roles, clearly highlights this issue and the need for related best practices to thwart similar campaigns.
What’s the big picture takeaway?
As noted by many experts, the SolarWinds attack is "unprecedented" in that it directly sought access to cloud-based services as a primary objective. Exploiting the inherent "trust" between systems in a multi-cloud environment, and the risks that come with it, the attackers successfully targeted authentication systems on the compromised network that provided access to Office 365 accounts used by government bodies and private third parties, without tripping any alarms.
With this subversion of Office 365, the attackers could have accessed all kinds of sensitive data (personal, financial, confidential), including email credentials, business information, and active services. As new facts continue to surface, it is important to understand the related security risk footprint: an attack surface that keeps growing because of the inherent "connectedness" of cloud applications in general.
What are the key steps to better safeguarding Office 365 and cloud applications?
As we have seen, native cloud controls are often insufficient for countering sophisticated cyberattacks, especially as today's organizations adopt dozens, if not hundreds, of individual cloud and SaaS applications. Managing security and compliance across all of these individual applications and the data they hold is no simple task.
The following best practices are suggested to tackle security gaps across Office 365 and other connected clouds that are typically missed by traditional cloud security and data protection controls:
1. Enlist contextual access controls
Centralize controls across Office 365 collaboration applications (Teams, OneDrive, SharePoint, Outlook) and other cloud applications to focus on secure access from any device and location. Create identity- and context-aware policies based on user role, type, and location data; extend these policies to the whole multi-cloud ecosystem; and augment the access control policies with MFA and SSO integrations. Layer contextual controls with additional encryption measures to ensure compliance with regional and global security standards.
2. Monitor user behavior to identify insider threats
Leverage analytics to establish a baseline of normal user behavior and activity across the different Office 365 cloud applications, and flag activities that deviate from the modeled baseline. This ensures that anomalous user actions or risky events can be instantly flagged for review and appropriate response in real time. Build in an incident governance and review cycle to correlate plausible threats or risks with user activities and anomalous behavior.
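As an added illustration of the baseline-and-deviation approach described above (not code from the original article or from any product it refers to), the following Python builds a per-user baseline from unified audit log records and reports how a new record departs from it. The records are constructed samples that reuse the unified audit log field names (UserId, Workload, Operation, ClientIP, CreationTime); the /24 grouping, the working-hours window and the chosen deviation reasons are this example's own assumptions, not a vendor's scoring model.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample records; field names follow the unified audit log schema, values are made up.
BASELINE_EVENTS = [
    {"CreationTime": "2020-12-01T09:12:00", "UserId": "alice@example.com", "Workload": "Exchange", "Operation": "MailItemsAccessed", "ClientIP": "203.0.113.10"},
    {"CreationTime": "2020-12-02T10:40:00", "UserId": "alice@example.com", "Workload": "SharePoint", "Operation": "FileAccessed", "ClientIP": "203.0.113.22"},
    {"CreationTime": "2020-12-03T14:05:00", "UserId": "alice@example.com", "Workload": "Exchange", "Operation": "MailItemsAccessed", "ClientIP": "203.0.113.31"},
]
NEW_EVENTS = [
    # Usual network, usual operation, inside the usual hours: should not be flagged.
    {"CreationTime": "2020-12-10T11:00:00", "UserId": "alice@example.com", "Workload": "Exchange", "Operation": "MailItemsAccessed", "ClientIP": "203.0.113.40"},
    # Unseen network, unseen operation, outside the usual hours: flagged with three reasons.
    {"CreationTime": "2020-12-11T03:20:00", "UserId": "alice@example.com", "Workload": "Exchange", "Operation": "Add-MailboxPermission", "ClientIP": "198.51.100.7"},
]

def source_net(ip):
    """Collapse a client address to its /24 so small address changes are not 'new' (assumed granularity)."""
    return str(ip_network(ip + "/24", strict=False))

def build_baseline(events):
    """Per-user sets of seen source networks, (workload, operation) pairs and hours of day."""
    baseline = defaultdict(lambda: {"nets": set(), "ops": set(), "hours": set()})
    for e in events:
        b = baseline[e["UserId"]]
        b["nets"].add(source_net(e["ClientIP"]))
        b["ops"].add((e["Workload"], e["Operation"]))
        b["hours"].add(datetime.fromisoformat(e["CreationTime"]).hour)
    return baseline

def deviations(baseline, event):
    """Return the list of ways this event departs from its user's baseline (empty if none)."""
    b = baseline.get(event["UserId"])
    if b is None:
        return ["user has no baseline"]
    reasons = []
    if source_net(event["ClientIP"]) not in b["nets"]:
        reasons.append("new source network")
    if (event["Workload"], event["Operation"]) not in b["ops"]:
        reasons.append("new operation")
    hour = datetime.fromisoformat(event["CreationTime"]).hour
    if not (min(b["hours"]) <= hour <= max(b["hours"])):  # outside the observed working window
        reasons.append("unusual hour")
    return reasons

def flag_anomalies(baseline, events):
    """Events with at least one deviation, paired with their reasons, queued for analyst review."""
    return [(e, r) for e in events if (r := deviations(baseline, e))]
```

Each flagged event carries its reasons so the review cycle the text describes can correlate them with other signals rather than acting on a bare score.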
3. Layer cloud data protection
It is important to understand the sensitivity of the different types of data moving through or stored in an organization's Office 365 ecosystem. Integrating DLP policies, content inspection, and malware protection prevents infected file uploads and helps address related data security and compliance challenges. As data from Office 365 applications can be easily downloaded and shared externally through email or other means, employ a solution that can auto-encrypt data based on its classification. Also, ensure that outdated O365 policies are regularly scanned for and removed, so that attackers cannot exploit the security loopholes they leave open.
4. Enforce advanced threat protection
Integrate the cloud and data security strategy with leading antivirus and anti-malware solutions for deep scanning of all incoming and outgoing traffic in the Office 365 cloud for malicious content or infected files. Map integrated, context-centric policies to the relevant controls to ensure emerging threats can be dealt with immediately and accurately across multiple cloud applications and data sets.
Secure your Microsoft 365 with comprehensive security
Looking forward, the challenge of properly securing the cloud environment and related data against supply chain attacks clearly requires an integrated security strategy that delivers stronger and deeper endpoint protection, enforces contextual data loss prevention policies, monitors user and device behaviors, provides visibility into ongoing cloud transactions, and controls access across all cloud applications, thereby limiting the exposure created by collaboration in the cloud.