Cloud-based office solutions are coming under increasing attack from cyber criminals, with the majority of incidents involving compromised business email accounts. This is according to the Beazley Breach Response Services team, whose Q1 2018 figures increased sharply since the previous quarter. The three sectors most affected were financial services, healthcare and professional services.

Most incidents are caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey. After clicking on the link, the employee is redirected to a legitimate-looking website and asked for email credentials. This provides genuine credentials to the cyber criminal who can then log into the account undetected. Once in the chain of communication, the cyber criminal can provide fraudulent instructions to divert and steal payments made by or to the organisation, or access personally identifiable information.

The compromised credentials may also allow the cyber criminal to access other data and, if the organisation uses cloud-based OneDrive storage, the cyber criminal will have access to all files the employee can access.

Global head of Beazley Breach Response Services, Katherine Keefe, said while the number of compromised email accounts is accelerating, simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. "With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organisations to secure their lines of defence,” she said.

Share Story: