A recent survey conducted by Abnormal Security has spotlighted account takeover attacks as the foremost threat facing today’s organizations.
According to the company’s 2024 State of Cloud Account Takeover Attacks report, 83% of organizations experienced at least one account takeover in the past year.
The report, based on responses from over 300 security professionals across diverse industries and organization sizes globally, also revealed that 77% of security leaders rank account takeover attacks among their top four cyber-threats.
This places account takeovers ahead of high-profile concerns such as ransomware and spear phishing. Notably, nearly half of the organizations surveyed encountered these attacks more than five times in the past year, and almost 20% faced over ten significant incidents.
The report also highlights that security stakeholders are particularly worried about the compromise of file storage and sharing services like Dropbox and Box, cloud infrastructure services such as AWS, Microsoft Azure and Google Cloud Platform, and business email accounts like Microsoft Outlook and Gmail. Additionally, document and contract management software, such as DocuSign, also poses significant risks.
Despite these concerns, most security professionals feel unprepared to tackle account takeovers effectively. Common strategies include multi-factor authentication (MFA) and strong password policies, but 63% of respondents doubt MFA’s effectiveness, and 65% are skeptical about single sign-on (SSO) solutions.
Other measures, such as identity and access management (IAM), cloud access security brokers (CASB) and web application firewalls (WAF), were mentioned, yet none are specifically designed to counter account takeover threats.
Read more on cloud security: Cloud Account Attacks Surged 16-Fold in 2023
The survey further indicates that 87% of participants expect cloud service providers to offer native protections against account takeovers. However, most application providers focus on safeguards against misconfiguration or elevated privileges rather than real-time defense against account takeovers.
Consequently, there is an apparent demand for solutions that can detect and automatically remediate compromised accounts in cloud services. An overwhelming 99% of respondents believe such a solution would significantly enhance their security posture.
“It’s clear that there is a need for a new approach to not only detect account takeovers but also remediate them automatically before attackers have a chance to exfiltrate sensitive data or infiltrate connected applications,” said Evan Reiser, CEO of Abnormal Security.
“Cross-platform visibility and automated remediation capabilities, with uniform coverage for all the applications that enterprises use, will be critical as organizations seek to protect their entire attack surface.”