Out of all the cybersecurity statistics we have seen these past years, we believe the most alarming is this one. According to Barracuda Networks, 29% of organizations it monitored last month, had Office 365 accounts compromised.
Once inside an email account, the attackers can do many things which are all extremely harmful.
They monitor the emails to see what is happening within the organization. They become familiar with practices such as wire transfers, who makes various decisions, etc.
They can use the account to send emails to others within the organization which in-turn can ask for a user name and password to access a file or portal.
They also can and do ask for urgent actions such as paying an invoice or forwarding sensitive information like tax details.
In the March 2019 analysis performed by Barracuda researchers, hackers set up malicious rules to hide their activity in 34% of the nearly 4000 compromised accounts.
Hackers can linger in even the most sophisticated organizations for days, weeks, months and even years. Wipro is thought to have hackers inside their systems since 2015!
Every company is a potential target and should use a phishing simulation tool which tests employees by sending safe phishing emails. When employees click, they are then presented with educational material which helps them learn what to avoid.
One alternative, Phish360 is so effective, it has achieved almost 100% click rate when used in various organizations.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.
It’s a dangerous world and it is getting worse. Every company must be proactive to stay secure.