Protecting the Dynamic Workforce: A New Approach to Cloud and SaaS Defense
2020 demonstrated that everything could change instantly, but few areas have had to pivot as much as cyber security. As remote workforces dispersed across the globe, organizations rushed to implement long-term digital transformation projects, ripping up the rulebooks of standard cyber security practices.
Over the next year, security teams will have to adapt to further change. Initial measures that bridged the abrupt move from office to home working are now being revised, with priorities shifting from operational continuity to protecting the dynamic workforce. The surge in the use of SaaS applications globally – whether as part of a longer-term project executed over time or forced overnight by the global pandemic – is a key area for security teams to reconsider.
While cloud platforms have fueled efficiency and collaboration over the past year and empowered organizations to push the limits of innovation, they have widened the attack surface and come at the cost of a coherent and tractable security strategy.
One of the most significant areas of concern is the fact that employees have started storing sensitive files in locations and services organizations had not been aware of as recently as a few months ago. Such practices create poor visibility of employee activity, meaning that account takeovers, data exfiltration, and misconfiguration errors in cloud and SaaS platforms often go unnoticed.
Only 22% of organizations feel they have adequate visibility into the cloud, with a third failing to monitor abnormal behavior across these systems. The result? Threats are slipping through, with significant business compromises occurring.
Why Traditional Security Tools Are No Longer Enough
Remote working has left security teams overstretched. Workforces are now dispersed across systems and services, and the agility of SaaS applications, their breadth of coverage, and security teams’ unfamiliarity with these platforms make it difficult to maintain protection.
While it has long been the case that yesterday’s attacks cannot predict tomorrow’s threats, the inability of a rules- and signature-based approach to detect novel and sophisticated attacks in cloud and SaaS environments has become more apparent over the past year.
Struggling security teams are faced with limited defense options: use the native security controls provided in each platform – and risk a lack of security maturity – or go with a third-party security solution, often in the form of Cloud Access Security Brokers (CASBs). In the former’s case, these tools have been proven to be static, siloed, and incompatible, while CASBs fall short in terms of detecting new threats.
Securing cloud and SaaS platforms needs to be organizations’ top priority in 2021. Although often side-lined in favor of protection against ransomware and spear-phishing campaigns, cloud and SaaS attacks can have devastating consequences. As the Capital One data breach attests, their stealth frequently allows them to go undetected for longer – leading to widespread and lasting damage, with teams only noticing threats too late.
Autonomously Detecting and Responding to Cyber-Threats
To deal with cloud and SaaS attacks, organizations need a fundamental shift in thinking, looking to an enterprise-wide approach to cyber defense. Today, thousands of cyber security professionals have turned to Cyber AI.
Analogous to the human immune system, Cyber AI learns on the job to understand what ‘normal’ looks like for all users, devices, and cloud services as they interact with IT systems. Leveraging unsupervised machine learning, the AI’s unique understanding of ‘self’ across the dynamic workforce enables the technology to autonomously identify and respond to the full range of threats when they inevitably arise – from malicious insiders to misconfiguration errors.
Cyber AI is already fundamental to detecting the most sophisticated and novel attacks at machine-speed. In a recent example, Cyber AI identified a business email compromise after an attacker infiltrated an employee’s Microsoft 365 account. Their aim? Accessing sensitive financial documents hosted in SharePoint. While the threat indicators were subtle, such as an unusual IP address, login time, and files accessed, Cyber AI’s nuanced and evolving understanding of ‘normal’ across the organization meant the AI was able to correlate these behaviors and identify them as malicious.
The incident was immediately flagged to the company’s security team before any damage was done. Had Autonomous Response technology been activated in this organization, the threat would have been contained in the first stage of account compromise.
A New Era of Cloud and SaaS Defense
Ultimately, traditional detection approaches comprising hard and fast rules are not enough to ensure that cloud applications remain secure. A more intricate and effective approach to cloud and SaaS security requires understanding the dynamic individual using every account.
Cloud applications are fundamentally platforms for humans to communicate – allowing them to exchange and store ideas and information. Abnormal, threatening behavior is therefore impossible to detect without a nuanced understanding of those unique individuals: where and when do they typically access their Microsoft 365 account, which files are they likely to access in Dropbox, who do they usually connect with in Google Hangouts?
As the attack described above demonstrates, these are questions for Cyber AI to contend with – understanding the user across the entire digital business.
With attackers increasingly looking to capitalize on cloud and SaaS platforms’ weaknesses, organizations need to turn to Cyber AI. In this new climate, artificial intelligence is no longer a ‘nice to have’ but a necessity for fighting against the latest attacker innovations – and autonomously containing the threat.
For more on Cyber AI in action, read this blog on how a Mimecast miss led to broad-scale email compromise.