▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | GreenCity | Italian Channel Awards | Italian Project Awards | ...

New Survey from Abnormal Security Highlights Account Takeover Attacks as the Leading Threat for Today’s Organizations

Abnormal Security, the leader in AI-native human behavior security, today announced the launch of a new research report—the 2024 State of Cloud Account Takeover Attacks. The report reveals how secur...

Business Wire

83% of organizations have experienced at least one account takeover in the last year; security leaders lack confidence in their current defenses to protect against this threat

SAN FRANCISCO: Abnormal Security, the leader in AI-native human behavior security, today announced the launch of a new research report—the 2024 State of Cloud Account Takeover Attacks. The report reveals how security stakeholders view the growing threat of account takeovers, how they are currently approaching prevention, and what they are looking for in next-generation defenses against these attacks.

Based on a survey of over 300 security professionals across a variety of global industries and organization sizes, Abnormal’s research found that 77% of security leaders cited account takeover attacks as one of their top four most concerning cyber threats. Combined, this makes account takeovers the leading worry for security leaders—even ahead of news-headlining attacks like ransomware and spear phishing.

These worries are justified, given that 83% of survey participants reported that their organization had been impacted by an account takeover attack at least once over the past year. Worse still, nearly half of organizations (45.5%) were impacted by account takeover attacks more than five times over the past year, while nearly one in five had experienced more than 10 significant account takeover attacks.

“A single instance of cloud account compromise can be extremely damaging, as it creates a critical point of entry that can give attackers immediate access to company or customer data, create a launchpad for additional attacks or fraudulent transactions, or allow lateral movement to connected platforms,” said Evan Reiser, CEO at Abnormal. “What’s even more concerning, and what the survey responses show, is that these attacks are no longer limited to just email. Today’s cloud application ecosystems are increasingly necessary for business, but they all open up additional entry points—each with their own distinct risks if compromised.”

The cloud applications that security stakeholders are most concerned about being compromised include file storage and sharing services, such as Dropbox and Box, and cloud infrastructure services, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Also near the top of the list are business email accounts, such as Microsoft Outlook and Gmail, and document and contract management software like Docusign. Each of these applications has the potential to expose troves of sensitive company data, while a compromised cloud infrastructure application can also enable lateral movement across the corporate network.

Despite their concerns, the majority of security stakeholders appear unprepared to protect against account takeovers. Commonly used strategies to protect against this threat include implementing fraud detection mechanisms such as multi-factor authentication (MFA) and strong password use. Yet, the majority of survey participants are skeptical of both MFA (63%) and single sign on (65%) as effective tools to prevent account takeover attacks.

Other frequently mentioned solutions included identity and access management (IAM), cloud access security brokers (CASB), and web application firewalls (WAF), which were all cited by more than 50% of respondents, but none of which are explicitly designed to counter the account takeover threat. Similarly, many survey participants (87%) expect their individual cloud services to supply native protections against account takeovers. But most application providers aren’t security companies, and while they may offer some security features, these tend to be safeguards against misconfiguration or elevated privileges rather than real-time protection against account takeover.

Security stakeholders are eager for alternative solutions, and 99% believe implementing a solution for detecting and automatically remediating compromised accounts in cloud services would greatly improve their defenses. Reiser continued, “It’s clear that there is a need for a new approach to not only detect account takeovers but also remediate them automatically before attackers have a chance to exfiltrate sensitive data or infiltrate connected applications. Cross-platform visibility and automated remediation capabilities, with uniform coverage for all the applications that enterprises use, will be critical as organizations seek to protect their entire attack surface.”

About Abnormal Security

Abnormal Security is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyze the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

Axyon AI: Italian Artificial Intelligence for Finance applications

Axyon AI offers an AI platform specifically designed for asset management, with several interesting strengths for those approaching machine/deep learning…

Italian Artificial Intelligence tackles medical emergencies at sea

Mermaid-AI is a telehealth platform at sea based on a visor equipped with an AR, medical Artificial Intelligence algorithms, satellite communications…

Gyala: a new "Made in Italy" cybersecurity

With a proven track record in the defence field, Gyala now also brings its cybersecurity technologies to the wider enterprise audience

ITALIAN PROJECT AWARDS 2023: the best IT projects of the year, awarded

Now in its third edition, the initiative is targeted at the ICT professional world and honours projects based on innovative ideas and technologies, realised…

Most read

AHSG Announces Leadership Transition as CEO Mark Smith Joins Board of…

AHSG, a technology-driven, healthcare workforce solutions company, today announced Mark Smith will be stepping down at the end of June as Chief Executive…

Verituity Raises $18.8M to Accelerate its B2B and B2C Verified Payout…

Verituity, a leading provider of intelligent, verified payouts solutions, announced the successful close of an $18.8 million funding round led by Sandbox…

HubStar Launches H2O, a Revolutionary New Approach to Optimizing Occupancy…

HubStar, a leader in dynamic workplace management technology, today announced the launch of H2O, the first ever hybrid occupancy platform designed to…

Capco announces Karl Canty as new US Insurance Partner

Capco, the global technology and management consultancy, has appointed Karl Canty as a new Partner within the company’s US Insurance practice, based in…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!