A recent survey showed that 38% of security professionals in APAC had suffered an account takeover on Office 365 in the past 12 months.

If a global online survey of 1,112 security professionals working in mid- to large-sized organizations (with more than 1,000 employees) using Microsoft Office 365 is anything to go by, three in four companies have experienced malicious account takeover attacks.

Over 60% of respondents in the Asia Pacific region believed the gap between the capabilities of attackers and defenders was widening.

The Feb 2021 survey commissioned by Vectra AI revealed some parochial regional insights about Office 365 deployments, such as:

  1. 98% of APAC survey respondents stated that the pandemic had caused them to extend their Microsoft Office 365 usage (e.g., to use Teams).
  2. 90% of APAC survey respondents believed their organization’s cybersecurity risk had increased in the 12 months leading to February 2021.
  3. Over 60% of APAC respondents on average believed the gap between the capabilities of attackers and defenders was widening.
  4. Over 38% of APAC respondents said they had suffered an account takeover of an authorised user during the last 12 months.
  5. About 20% of team time is being spent on reactive investigations according to APAC respondents and a similar amount of time is being spent on proactive investigations.
  6. IoT/connected devices and identity-based attacks were the top two security concerns cited.
  7. 58% of businesses planned to invest more money in people and technology and 52% planned to invest in AI and automation this year.
  8. The biggest frustration with existing security solutions was the amount of time needed to manage them.
  9. Security professionals cited the satisfaction of stopping attacks and protecting their companies as the best thing in their work, whilst frustration at end users’ lack of understanding of cybersecurity remained the biggest frustration.
  10. A high level of confidence was expressed among security teams in the survey in the effectiveness of their own company’s security measures: nearly four in five claimed to have ‘good’ or ‘very good’ visibility into attacks that bypass perimeter defenses like firewalls.
  11. 20% of team time was being spent on reactive investigations, with a similar amount on proactive investigations.

What the numbers indicate

Account takeovers were on the top of the list of methods used by attackers to move laterally between the Cloud and the victim network. Some 71% of customers in the survey showed suspicious Office 365 Power Automate behavioral activity.

The firm’s Director of Security Engineering (APJ), Chris Fisher, said: “The biggest frustration for those with security solutions appears to be a lack of integration with other solutions and the amount of time needed to manage them. Cyber threats left unidentified can have huge financial and reputation repercussions as more attackers seek to exploit ongoing COVID-19 challenges across industries.”

Entities need to focus on their networks and maintain good cyber hygiene to drive down the noise coming into security operation centers, Fisher continued. “How quickly an entity responds to a breach and identifies the attacks quickly and effectively will determine who succeeds in this fast-changing time.”