Intelligent CIO North America Issue 48 | Page 19

2024 STATE OF CLOUD ACCOUNT TAKEOVER ATTACKS
LATEST INTELLIGENCE
2024 STATE OF CLOUD ACCOUNT TAKEOVER ATTACKS

A CALL FOR UNIFIED VISIBILITY AND CONTROL

eExecutive summary

Already a severe threat , account takeover attacks , or ATOs , have grown in prevalence in recent years . Threat actors are making more attempts to harvest credentials , steal active session cookies , or otherwise gain access to email and cloud software accounts . Unfortunately , an escalation in attempted attacks creates additional opportunities for success – and more dire consequences .
There may be several reasons for this growth , including an uptick in phishing and social engineering – often integral elements of ATO attacks – fueled by the rise of generative AI . The widespread adoption of this new technology makes it easier than ever before to quickly generate greater volumes of more convincing attacks . As a result , threat actors can not only target a larger audience , but also use hyper personalized messages customized for each recipient , greatly improving their chances of tricking end users .
Our latest Email Threat Report , for instance , shows that successful business email compromise attacks increased 108 % year over year between 2022 and 2023 , and phishing attacks remain the most prevalent threat – making up nearly three-quarters of all attacks received by Abnormal customers . The results can be devastating , with breaches involving stolen credentials costing an average of $ 4.62 million and taking 11 months to resolve .
While organizations are implementing measures to block account takeover attacks and more quickly
detect when an account has become compromised , it will likely never be possible to entirely prevent account takeovers across every single application . Social engineering relies on human error , and tired , distracted , or careless employees will always make mistakes that enable threat actors to steal credentials that can either be used immediately or sold on the dark web . Further , brute force and credential stuffing attacks cannot be foiled 100 % of the time .
For many security stakeholders , the phrase “ account takeover ” brings email account compromise to mind . But today ’ s cloud application ecosystems are increasingly broad , interdependent , and complex . As these apps proliferate – and become ever more integral to key operational processes – additional points of entry into enterprise environments emerge . At the same time , it ’ s progressively more difficult to maintain centralized visibility and unified control across diverse collections of cloud services . This is especially true when different business units are individually responsible for their own apps .
To better understand the challenges that security stakeholders face in this area , as well as how they are thinking about solutions , we surveyed over 300 security professionals across an array of global industries and organization sizes . Participants held leadership and practitioner roles , with more than one third ( 34 %) serving as the CIO , CISO , or VP of Security within their organization . Most ( 70 %) were at a director , manager , or team lead level of seniority or above . Their organizations ranged in size from 1,000 employees to more than 25,000 employees . p
PRESENTED BY
Download whitepaper here www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 19