“Do your part” is the theme of this year’s Cybersecurity Awareness Month. A theme that could certainly be applied beyond how individuals and organizations take responsibility for cybersecurity, but it’s October — so let’s get to it. According to National Cybersecurity Alliance, if everyone does their part by — implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees — our interconnected world will be safer and more resilient for everyone.
A sentiment that’s hard to argue against when too often it seems like we’re in a constant uphill battle against cybercriminals. So, what practices can we implement today and what threats do we need to be aware of in order to become more resilient to cyberattacks. Let’s first take a look at some of the areas that cybercriminals exploit — even when security tools are in place to stop them.
Multi-factor authentication (MFA)
Any security practitioner will tell you that users and organizations should utilize MFA. It will make cybercriminals have to work harder to gain access to an environment, however… it won’t stop them completely. As Vectra CEO, Hitesh Sheth points out in a recent Dark Reading article — attackers regularly bypass MFA with various techniques and can even disable it in some cases. He even covers the top 5 techniques attackers use to get around MFA and explains why organizations can’t solely rely on just using MFA if they want to stop attackers.
The real problem once they get in
Once inside, one of the more reported targets that cybercriminals go after is Microsoft 365. This probably doesn’t come as a surprise to many, as it’s an incredibly useful suite of applications that now has over 50 million subscribers. Organizations carry a ton of data inside Microsoft 365 and criminals will always look for access to places that they can steal data to either sell or hold for ransom. So, how do we keep them out?
Prioritize visibility in Azure AD
In addition to bypassing MFA, attackers are targeting Azure Active Directory (AD) so they can gain access to mission-critical SaaS applications. According to Vectra Product Manager, John Mancini — by targeting Azure AD, attackers can gain access to the full functionality of Microsoft 365 and other applications like CRM tools and cloud storage. This blog post goes into greater detail about the risk, citing that “once an account is compromised, attackers will act within the environment to steal and ransom data.”
This doesn’t mean that organizations shouldn’t use these applications, but as John points out, it does show why companies need to prioritize a way to detect when an attack moves into their environment. Besides, all of the apps and tools we rely on these days really do make our lives better— it’s just a matter of making sure we’re doing our part to keep them secure.
What can you do today?
If you’re an organization that uses Microsoft 365 or AzureAD, Vectra is now offering a 30-day free trial of Detect for Office 365 and Azure AD.
In about 10 minutes, you’ll be able to see any MFA bypass techniques being used in Azure AD as well as any threat behaviors that exist across Microsoft 365. Similar to how your Microsoft apps make work easier everyday — AI-driven threat detection and response will make sure the teams that use them are secure.
We know that sometimes cybercriminals seem a lot like that annoying gopher that keeps finding new ways to swipe your tomatoes — now you’ll just be able to know when and where anything unusual shows up in your Microsoft environment.