According to information made available by specialist insurer Beazley, workplace inboxes are increasingly coming under attack. This has particularly affected companies using Office 365.
Hijacking email accounts is an especially efficient approach for attackers, as even a single account can serve as a platform for spear phishing both internally within the attacked company and externally. In fact, it seldom ends with just one compromised account; in some cases hundreds of inboxes may be impacted, the experts at Beazley warn. It can get really costly if the hacked employee handles personal or confidential health data. Legal expenses and the cost of forensics, data mining, manual checks, notification activities, call center efforts and the monitoring of accounts could easily add up to more than 2 million US dollars. But even for smaller incidents, damages quickly exceed US$100,000.
Of the attacks targeting email inboxes launched in the second quarter of 2018, 39 percent were carried out by means of hacks and malware, followed by 22 percent which were due to human error. As an effective safeguard against such attacks, Beazley recommends activating two-factor authentication (2FA) and training employees to raise their awareness of the dangers posed by spear phishing and other attacks that use email as their vector.
We also recommend Retarus E-Mail Security and especially its Advanced Threat Protection, including sophisticated protective mechanisms such as CxO Fraud Protection, as a sensible addition to Office 365’s Exchange Online. Among other good reasons, some analysts advise companies to source email security services from a different provider than the email services themselves, with a view to diversifying risk and avoiding lock-in.