Attacks targeting business email accounts continued to climb in Q2 2018, specialist insurer Beazley has reported, with organisations using Office 365, the popular cloud-based productivity solution from Microsoft, among the hardest hit.
Email accounted for 23% of incidents reported to the Beazley Breach Response (BBR) Services team during Q2 2018. The attacks were broadly distributed across industry sectors.
Business email compromises are efficient for hackers because ensnaring a single account provides a platform from which to carry out further phishing attacks within and outside the organisation, according to Beazley.
Although potentially very damaging, with costs that can exceed $2 million (£1.53 million), attacks of this kind are also relatively easily preventable, Beazley said.
Two-factor authentication can help, as can employee training, according to the specialist insurer. Disabling the ability for third-party applications to access Office 365 can also reduce the likelihood of an attacker using PowerShell, a task automation and configuration management system, for reconnaissance.
“Business email compromise attacks are among the more expensive data breaches we see,” said Katherine Keefe, head of BBR Services. “Years of emails often need to be combed through to identify personally identifiable information or protected health information that has been compromised. In the majority of cases, multiple inboxes are compromised.”
The July edition of Beazley Breach Insights, the insurer’s quarterly publication showing data breach trends, provides detailed insight into the evolution of cyber threats.