The compromise of business email is on the rise, particularly for cloud-based applications, according to the most recent report from Beazley Breach Response Services, part of specialist insurer Beazley P.L.C.
The industries most affected were the financial services, health care and professional services industries, according to the Beazley Breach Insights report, released Monday.
Many of the incidents involved Office 365, the cloud-based suite of Office applications, which accounted for 13% of incidents, the report said.
Hack or malware accounted for 42% of incidents, followed by accidental disclosure at 20%, and both social engineering and insider at 9%, the report said.
Other causes were portable devices at 5%; physical loss/non-electronic record at 4%; payment card fraud at 1%; and unknown/other at 10%.
Spreads among the different industries varied widely. In higher education, hack or malware accounted for 47% of incidents, followed by accidental disclosure at 21%, less than half that share.
The spread in the financial sector was even greater, with hack or malware in 55% of incidents and accidental disclosure, the next most frequent type, in just 18%.
Among health care incidents, however, hack or malware and accidental disclosure both came in at 29%, the report showed.
“These incidents are usually caused by an employee clicking on a link in a phishing email, often in the form of a ‘DocuSign’ request, Help Desk message, or Microsoft survey,” the report said.
Such incidents are on the rise because they are easy to carry out and the email accounts can be used for a variety of purposes, the report said.
Many can be easily avoided, however, by enforcing strong password policies and educating employees about the risks of recycling passwords for different applications; alerting employees who have access to accounts payable systems or wire transfer payments about these types of scams; and training all employees to beware of phishing attempts.
“The number of compromised email accounts is accelerating, but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities,” Katherine Keefe, global head of Philadelphia-based Beazley Breach Response Services, said in the report.
Source: Beazley Breach Response Services