Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365.
These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.
What do you know? These incidents are “usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey”, the report notes.
Over half (55 percent) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53 percent recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20 percent) in Q4 2017, almost halved to 12 percent of the total in the quarter.
Such email compromises are on the rise because they are easy to carry out, and threat actors are able to use the email accounts for a variety of purposes, including stealing bank information to send emails requesting fraudulent wire transfers, Beazley notes.
Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating, but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”
BBR urged: two-factor authentication for access to Office 365; enforcement of strong password policies; training to ensure that all employees are aware of phishing attempts and for those using cloud-based platforms, investigating what logging is available and making sure it is enabled: “For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration.”