
The Honeymoon for Cloud Services Is Over

Breaches of major cloud platforms amplify the need to cover all your bases

The cloud services you rely on are no longer as secure as they used to be. Once seemingly a safe haven for data and applications, cloud services are increasingly being leveraged by attackers for command and control, and the Symantec Threat Hunter Team predicts an unnerving upswing in 2025. The Microsoft breach by Russian nation-state actors is one instance of many that show how even widely trusted cloud service providers (CSPs) can fall victim to targeted attacks.

The implications of this rising trend are great, both for CSPs and for the SaaS systems and apps they host. Recent breaches, like those impacting Ticketmaster and Santander, underscore the fact that organizations are exposed to cascading risks in digital supply chains. Though every partner in your digital supply chain should maintain the highest degree of cybersecurity hygiene, their practices aren’t always within your control. 

Assuming cloud platforms and supply chain vendors have your data covered is a gamble you can no longer afford. So what can you do about it? What can you confidently control? These are key questions, because when the next breach occurs, it’s your own defenses that determine what happens next. 

The state of cloud service security

For years, robust security measures from major cloud service providers deterred many attacks, allowing organizations to trust these platforms as secure environments for critical operations. And now, 60% of the world’s most sensitive corporate data is stored in the cloud. 

But times have changed. In the past year, our threat intelligence experts observed a significant uptick in bad actors exploiting cloud services. Attackers are using these breached platforms as “cloud cover”—entry points to target businesses, employees and sensitive data.

The warning signs are everywhere. Researchers cracked a Microsoft Azure multi-factor authentication (MFA) system in just an hour, while Fortinet confirmed leaked SharePoint customer data. But Microsoft isn’t the only one with vulnerabilities. AT&T recently paid a $13 million fine for a data breach through a third-party cloud vendor, and cybercriminal gangs exploited cloud vulns to steal thousands of AWS credentials.

As nation-state-sponsored and opportunistic attackers focus on disrupting and infiltrating major platforms, the collateral damage can be paralyzing for organizations relying on these services. In the face of today’s state of chaos, it’s time organizations refocus on what’s within their control.

Cover these four bases

Nation-state-sponsored attacks often aim to cause widespread turmoil and service interruptions, though many target intellectual property that could be useful to their sponsors. For other attackers, the ultimate objective is to access your data and assets. With so many ways for a breach to occur, whether through a vulnerability on the service provider’s end or a foothold from a downstream partner, you need to make sure vectors, vulns and valuables are out of sight.

To make sure you’re covered in the event of a breach, fortify protections across these critical domains:

Endpoints: Your front line

Endpoints are prime targets for attackers. Without unfettered visibility and control, they’re a blind spot. That’s why you need endpoint security that delivers:

  • Real-time visibility, threat detection and response and threat hunting across all endpoints with endpoint detection and response (EDR)
  • Adaptive protection that allows legitimate application and tool behaviors and automatically blocks anomalous (and potentially malicious) ones
  • Application control that allows only trusted and approved software to run on your endpoints—on-premises or in the cloud

Data: The heart of every attack

Usually, if threat actors are coming for you, then your data is the prize. Data Loss Prevention (DLP) solutions step up your data protection by identifying and monitoring critical assets across your organization. By discovering and monitoring where data resides—whether in the cloud, email, web, endpoints or storage—DLP protects against exfiltration in real time. With accurate, granular visibility and control, organizations can safeguard their most valuable assets from exposure or theft.

Cloud: The pulse of today’s workflows

This growing attack vector calls for the ability to see more, control more and protect more. Well-equipped SecOps teams can achieve this with:

  • Public cloud workflow monitoring and threat protection
  • Comprehensive discovery, monitoring and protection in cloud apps against malicious content
  • Data loss prevention for assets residing in the cloud (and everywhere else they live)
  • Strict, zero-trust access management for cloud-hosted applications

Network: What holds it all together

No environment is left behind. Defending your network against breaches means comprehensive coverage for your deployments, both on-premises and in the cloud. These key protections can help prevent breaches and safeguard your data in the event of one:

  • Deep visibility and control over cloud applications
  • Granular, zero-trust access management to all corporate resources
  • Secure web protection that controls access to sensitive content without disrupting operations
  • Easy DLP integration for unified, universal policy enforcement with consistent protection

Beyond the honeymoon phase

The rising threat of cloud service-based attacks has made one thing clear: it’s no longer enough to rely on cloud providers to secure your data and to prevent exposure via cloud services. Organizations must take proactive steps to secure the entirety of their own environments. A layered security strategy addressing key domains—endpoint, data, network and cloud—is essential for closing your doors to breaches.

There is good news: Symantec and Carbon Black, two legendary cybersecurity brands brought together by Broadcom, provide leading solutions across the domain protections we’ve outlined here. So, no matter where you are in your security maturity journey–no SOC, emerging SOC or maturing SOC–you’ll find solutions that meet you where you are.

As Technovera Co., we officially partner with well-known vendors in the IT industry to provide solutions tailored to our customers’ needs. Technovera handles the purchase and guarantee for all of these vendors, as well as the installation and configuration of the specified hardware and software.

We believe in providing technical IT solutions based on experience.