View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Another Breach Report, Another Plea to Stop Clicking Spearphishing Links

Social engineering incidents halve (because why bother when phishing's so easy?)

By CBR Staff Writer

Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365.

These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.

What do you know? These incidents are “usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey”, the report notes.

Over half (55 percent) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53 percent recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20 percent) in Q4 2017, almost halved to 12 percent of the total in the quarter.

Such email compromises are on the rise because they are easy to carry out, and threat actors are able to use the email accounts for a variety of purposes, including stealing bank information to send emails requesting fraudulent wire transfers, Beazley notes.

Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating, but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”

BBR urged: two-factor authentication for access to Office 365; enforcement of strong password policies; training to ensure that all employees are aware of phishing attempts and for those using cloud-based platforms, investigating what logging is available and making sure it is enabled: “For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.