Attacks targeting business email accounts continued to climb in the second quarter. Hardest hit were organizations using Office 365, the popular cloud-based product, according to data released by specialty insurer Beazley.
Email compromises accounted for 23 percent of incidents reported to the Beazley Breach Response (BBR) Services team during the second quarter of 2018.
According to the data, the attacks were broadly distributed across industry sectors.
According to Beazley’s experts, business email compromises are efficient for the hacker because the compromise of a single account gives the hacker a platform from which to spear phish within and outside the organization. They have soared in popularity since the beginning of last year.
Although potentially very damaging, with costs that can exceed $2 million, attacks of this kind are also relatively easily preventable. Two-factor authentication can help, as can employee training. Disabling the ability for third-party applications to access Office 365 can also reduce the likelihood of an attacker using PowerShell, a task automation and configuration management system, for reconnaissance.
“Business email compromise attacks are among the more expensive data breaches we see,” said Katherine Keefe, head of BBR Services. “Years of emails often need to be combed through to identify personally identifiable information or protected health information that has been compromised. In the majority of cases, multiple inboxes are compromised.”
The July edition of Beazley Breach Insights, includes data breach trends and industry-level data on the evolution of cyber threats.
Was this article valuable?
Here are more articles you may enjoy.