The transition towards cloud services could leave companies more open to cyber-attack, compounding aggregation risks for reinsurers

Beazley chart

Cyber-attacks targeting business email services have risen sharply in recent quarters, according to data from London market cyber insurer Beazley.

Hardest hit were organizations using Office 365, the popular cloud-based suite of office services.

Beazley’s data suggest smaller firms moving their email onto cloud services are particularly vulnerable.

Email accounted for 23% of incidents reported to the Beazley Breach Response (BBR) Services team during the second quarter of 2018.

Such attacks – some leading to claims reaching $2m – have soared in popularity since the beginning of last year, noted Beazley.

“They’re easy to perpetrate and they can have a big impact,” said Raf Sanchez, international breach response service manager at Beazley.

Remote working practices, driven by firms’ desire to become more efficient, accessing multiple office applications from cloud services, have added to the risk.

Beazley said business email compromises are efficient for hackers because the compromise of a single account can gain a hacker a platform from which to spear phish within and outside an organisation’s network, bypassing whatever firewalls or in-house security is in place.

“Some companies are not focused on password security because their corporate networks have firewalls in place,” Sanchez said.

Hackers can seek to gain access by sending a targeted email pretending to be from Office 365, asking the user to resubmit their username and password login details.

“That can allow the attacker to monitoring email via auto-forwards and act as you in email correspondence, gaining access to company data or personal information across the suite of cloud products, that can be valuable on the dark web,” said Sanchez.

Attacks of this kind are also relatively easily preventable; two-factor authentication can help, as can employee training, Beazley stressed.

Small- and medium-sized enterprises (SMEs) are particularly vulnerable, data suggest.

“Multi factor can be implemented easily,” Sanchez said. “SMEs are less likely to pay for professional advice for how to transition towards cloud services.”

The forensic work can be intensive, he suggested, particularly if the company has not turned on audit logs or they are set to be deleted at the end of each week for data held on the cloud.

“That forensic work can get expensive,” said Sanchez.

From a reinsurance perspective, this trend could represent an aggregation issue, Sanchez warned.

“This is not just Office 365 but the wider trend of how much data is being stored in the cloud – whether that’s Microsoft, SAP, Google’s G-suite or Oracle,” he said.

“It’s incredible how many people are transitioning to those services. From a claims perspective, we could see many more compromises,” Sanchez added.