Senior executives have much greater confidence in their organisation’s cybersecurity defences than security analysts working at the coalface, a report by network detection and response firm Vectra has found.

A global survey of 1,112 security professionals at mid to large-sized organisations using Microsoft Office 365 found that 71% of deployments had suffered an account takeover an average of seven times in the past year.

Such attacks occur when a cybercriminal gains access to a user’s account credentials. These details are often stolen in cyberattacks and then traded on criminal forums. Because many people reuse the same password across multiple services, malicious hackers can gain access to accounts with relative ease using credential stuffing. Once inside, the cybercriminal can launch further attacks including sending phishing emails under somebody else’s name.

When asked how confident they were at detecting 356 account takeovers, 35% of executives said they would be able to do so immediately. However, just 21% of those managing teams of security operations centre (SOC) analysts said they believed they could prevent such attacks immediately. Across varying timeframes of detection, senior management consistently had more confidence than analysts in their ability to detect account takeovers at speed.

“The tendency for managers to be significantly more confident that those working at the coalface suggests that there is a level of self-delusion going on here,” said Tim Wade, technical director of the CTO team at Vectra. “Perhaps it’s because the metrics that are being shared with senior management often focus more on the volume of attacks stopped rather than the severity of the attack or the number of investigations that reach a firm conclusion.

“Whatever the reason it’s important not to be complacent and remain constantly vigilant of new types of attacks.”

Kevin Orritt, ICT security manager at Greater Manchester Mental Health NHS Foundation Trust, said the disconnect could be explained by senior management seeing security investment as a box-ticking exercise.

“While the investment is certainly welcome and helps us reduce risk, in reality it isn’t that simple,” he said. “We still need the people to be able to interpret and action the alerts and make sure that we’re actually measuring the right things.”

Multifactor authentication (MFA) is one way to limit the risk of such attacks. However, it is not a silver bullet, with techniques such as sim swapping an increasingly prevalent way to bypass MFA.

“We’re regularly seeing identity-based attacks being used to circumnavigate traditional perimeter defences like multi-factor authentication (MFA),” said Wade. “Account takeovers are replacing phishing as the most common attack vector and MFA defences are speed bumps, not forcefields.”

The account takeover concern most likely to keep Microsoft Office365 customers up at night is the theft of data stored in the cloud.

Other findings from the research show that identity-based attacks and IoT hacks are the two top security concerns among IT professionals for 2021.

The pandemic has accelerated cloud migration among organisations – for 88% of companies, according to Vectra – which means an increasing attack surface for cybercriminals. Meanwhile, some 58% of respondents believe the gap in cyber capabilities is widening between security professionals and cybercriminals.

Previous research by Vectra tracked four million Microsoft Office365 customers over a 90 day period, finding that 96% of networks showed signs of potentially suspicious activity.


Read more: 1 in 3 email hackers camp out in accounts for over a week