Defence company Raytheon has revealed that it was the victim of a cloud-based attack for the first time, with the incident occurring just last week.
It was a spear phishing attack where an email was sent to employees at the company, asking them to access an application through a certain link, which was through a cloud service.
No data was exploited via the attack, which Raytheon discovered through its monitoring of outgoing network traffic. It described anything trying to get out to the internet as 'beaconing'.
"We recently saw our first cloud-based attack, where the cloud was the enabler to the attack," Vincent Blake, head of cyber security at Raytheon UK told the RSA Conference in London.
"We had 20 people targeted. It was looped back through a cloud service. Two of the individuals did click on the link in the phishing email. We fortunately detected these two when they started beaconing through to the cloud and we picked it up through the beaconing."
Blake attributed the detection to "very sophisticated engines" which use some automation.
Raytheon also makes sure that the "dwell time", the maximum length of time an attack is left in the system before the company responds to it - though it will be working on the response during this time - is just two hours.
"A year from now, I would like it to be down to 10 minutes," Blake added.
Information security has been a c-level concern at Raytheon ever since it started selling missiles to Taiwan five years ago. It was at this point, when "a country next-door to Taiwan" began to show interest in the company's intellectual property information, leading to a significant growth in cyber-attacks it experienced.
Blake said that now: "We block 1.2 billion attacks a day." This is in addition to blocking four million spam emails each day.
"We went from knowing nothing about our network to reporting to our CEO every day of what's going on," he said, keen to get across the fact that board-level buy-in was key to IT security.