Not long ago, amid the Microsoft Exchange Server attacks, Lookout Chief Strategy Officer Aaron Cockerill wrote about why cloud apps are more secure than their on-premise counterparts. That’s a really important lesson and an initial step towards securing your organization.
Here’s part two of that narrative: you also need dedicated security to ensure that your cloud infrastructure and apps are secure.
Productivity suites like Microsoft 365 or Google Workspace are vital to how we stay productive while working remotely. But this convenience also exposes your organization to new risks – including account-takeover attacks. According to MSSP Alert, more than 70 percent of Microsoft 365 deployments suffered an average of seven account takeovers in 2020.
What makes this a big issue isn’t just the account takeovers themselves, but also the lack of visibility. Your employees can now use whatever device and networks available to connect to your cloud apps. Keep in mind that these are networks and endpoints that you likely don’t manage. To ensure your users and data are secure, you need to regain the visibility and control you used to have within your perimeter.
How do attackers take over cloud-based accounts?
Account takeovers involve the attacker’s theft of a user’s login credentials to gain access to data and privileges associated with a victim’s account. Attackers typically accomplish an account takeover through social engineering campaigns. Often, the attacker targets lower-level employees first, and once in the organization’s infrastructure, they will move laterally, perform reconnaissance and ultimately steal data.
One high profile example of this was the Twitter account takeovers that occurred in August 2020. Using a phone spear phishing attack, an attacker socially engineered their way into Twitter’s backend. They laterally moved around and gained access to 130 Twitter accounts belonging to high-profile individuals such as Barack Obama, Kanye West, Bill Gates and Elon Musk.
That was a highly visible breach as many of the compromised accounts tweeted out a Bitcoin phishing scam. But this could easily apply to your organization. Without continuous visibility into what’s going on, you may never find out that an account has been taken over.
How do I protect my cloud applications?
1. Complete and real-time visibility.
As we learned from the SolarWinds attacks, it’s very difficult to even be aware that a breach has occurred if you don’t have visibility.
To truly guard against account takeovers and other threats, you must continuously monitor your apps, users, devices and data. Only with a deep understanding of everything that’s going on, will yoube able to recognize when an endpoint or an user account is compromised or behaving in a malicious way.
2. Dynamic Zero Trust access control.
Visibility is the first step. The second step is to ensure you deploy granular and dynamic access policies. With most of your employees working outside your perimeter, you need to operate on the assumption that your endpoints and users are not trustworthy until their risk level is verified.
This is where having an integrated endpoint-to-cloud platform is critical. Endpoint security provides continuous risk assessment of the devices your users use the most. Cloud security gives you an understanding of how your users are behaving. By integrating the two, you have full insights to give precise and seamless access to your employees without exposing the rest of your infrastructure.
How do I get started?
Endpoint-to-cloud visibility and dynamic Zero Trust access controls are the end goals. But to get started you need to assess whether your current tools can take you there. You could have one product to secure your cloud, one for your on-premise apps and one for your endpoint. But do they work together?
Standalone tools will check off boxes in terms of coverage, but they make cybersecurity unnecessarily complex and inefficient. Your team may make mistakes and glance over gaps if they have to juggle multiple services.
Your workers need seamless access to what they need. To ensure that you only provide that granular access and safeguard the rest of your data, you need an integrated endpoint-to-cloud security solution.
To learn more about how you can have complete visibility and insights within a single platform to deploy dynamic Zero Trust, check out the Lookout Secure Access Service Edge (SASE) Solution.