With more applications, more data, and more information going to the cloud, you would think all industries would be cognizant of security. But are they? It appears food and beverage was one of the top sectors vulnerable to successful unauthorized logins to cloud accounts, researchers found.
Regulated industries such as healthcare and financial services protected themselves better in comparison, with significantly lower rates of successful attacks, according to a report from security firm, Proofpoint. No matter what, though, Fortune 500 companies in the study were heavily targeted and 60 percent of them experienced at least one compromised cloud account.
Sales representatives and managers were targeted across all industries, presumably because their emails tend to be publicly available and their positions give them access to finance managers, customers, and partners.
In addition to these industry trends, researchers also observed:
• 85 percent of organizations were targeted at least once by threat actors
• 45 percent of organizations experienced at least one compromised cloud account.
• 6 percent of organizations had an unauthorized login to an executive account
• At organizations with compromised cloud accounts, on average 13 active accounts per organization experienced successful unauthorized logins
• 0.6 percent of active user accounts were targeted at least once
By putting all the numbers together, Proofpoint researchers found the data demonstrates threat actors have about a 50 percent chance of successfully accessing an organization via cloud accounts; history demonstrates a single compromised account can have a significant impact on an organization’s security.
In the first quarter of 2019, researches observed a substantial spike in unauthorized login attempts against cloud services. The volume and efficacy of these attacks moderated in the second quarter. Specifically:
• In Q1, 0.5 percent of active user accounts were targeted at least once. In Q2, 0.3 percent of active accounts were targeted.
• In Q1, 50 percent of organizations analyzed had at least one cloud account compromised by a successful unauthorized login, whereas in Q2, 42 percent of organizations had compromised accounts.
Proofpoint compared attacks and their effectiveness against industries represented by at least 10 organizations that were monitored throughout the study period. Researchers found that cloud attacks spared no one particular sector:
• In 12 out of 14 sectors, attackers targeted at least 80 percent of the organizations under study in each industry.
• Among the industries evaluated, 92 percent of the analyzed Fortune 500 companies were targeted and 60 percent experienced a successful unauthorized login.
As mentioned, food and beverage and the education sectors were most vulnerable to cloud attacks, with success ratios (the number of successful unauthorized logins vs. the number of attempts) over 70 percent in Q1 and Q2.
In the food and beverage industry, franchisees were highly targeted and vulnerable. They present an entry point to these organizations’ financial business processes and supply chains, making franchisees ideal targets for wire fraud, lateral movement, and internal phishing.
Attackers had the least success with heavily regulated sectors, which suggests they implement more stringent security measures in their cloud deployments, researchers found. In particular, the attack success ratio was 20 percent for financial institutions and 40 percent for healthcare organizations, below the average rate of 50 percent.
This study demonstrates the cloud threat landscape has no biases in terms of industry; all industries are under attack. Some sectors are more vulnerable, but all organizations can benefit from robust visibility into cloud threats and automated security measures driven by threat intelligence.
Click here to view for the complete post.