No doubt, the transition from snail mail to email has improved communications and made the work of businesses more efficient, but not all news is good news.
The latest breach insights report from specialist insurer Beazley spells trouble for users of Microsoft Office 365 and other applications that store data in the cloud.
“As more and more organizations are moving things, like applications or email or infrastructure to the cloud, you got to follow the data and where the data goes, almost like following the money, that’s where the attackers go,” said Brett Anderson, breach response services manager at Beazley. “Office 365 [is] a very popular cloud-based application and collaboration tool, probably one of the most popular ones out there. People have been saving a lot of money over the years moving their infrastructure or on premise versions of their email over to Office 365 to save a lot more money. When you do that, you give up control and visibility.”
According to the insights, the number of business email compromises has accelerated, especially for companies using Office 365 – 13% of incidents reported to the Beazley Breach Response Services team in Q1 of 2018 consisted of these types of hack and malware breaches. It’s not just the increase of attacks that drew Beazley’s attention, but the number of accounts compromised through phishing campaigns, Anderson told Insurance Business.
There are ways for offices using cloud-based applications to fortify their security walls.
“As long as we’re using email in business, we will always have this type of attack, trying to trick an end user,” said Anderson. “A baseline security control that’s almost unacceptable to regulators is not having dual factor, multi-factor authentication. It’s something that can be simple to turn on in Microsoft Office 365 and other cloud-based applications.”
So, while business is moving faster than it ever has before, thanks in part to digitization, there are trade-offs that organizations have to consider when transferring data.
“What our insureds have to think about is, when they do move into the cloud, how are they going to account for what they’re going to give up from a control perspective and making sure that they continue to have that when they move the data into the cloud,” said Anderson.
“One of the main points this year that we see from all of the nation-state hacks [right] on down to the hacks of just mom-and-pop email accounts, is that it’s all authentication right now that’s being attacked – authentication to email accounts, authentication to applications. The biggest takeaway from my perspective is to get people to put multi-factor authentication in place in front of every single app that they can.”