While the Equifax data breach is still fresh on everyone's minds, another financial giant has fallen victim to data breach. This time the casualty is the global accountancy firm Deloitte.
Below, CyberPolicy will give you the lowdown on the Deloitte data drain. Of course, if you want to defend your company against a similar fate, you'll need to invest in cyber coverage insurance as soon as possible. You never know when your network will be breached, but you can know if you are protected.
Hackers Exploit Deloitte
Deloitte is known as one of the top accountancy firms in the U.S. and the world. However, it was revealed Monday that Deloitte was struck by a cyberattack that may have extended from October of last year through this past March, according to The Guardian (who broke the story).
Deloitte is one of the \"big four\" major accounting firms in the world (along with PwC, EY and KPMG) and provides audit, tax and advisory services to blue-chip corporations. While Deloitte maintains that \"very few\" clients were affected, at least six corporations have been notified that their information was impacted.
Sensitive emails and attachments appear to have been stolen through a yet-undisclosed but \"sophisticated\" hack. Additionally, The Guardian claims the hackers had potential access to usernames, passwords, IP addresses, architectural diagram for business and health information. No one knows whether this was the work of a lone wolf cyber crook, a business rival or a government-backed hacking collective.
To add insult to injury, Deloitte also offers cybersecurity consultations to businesses, making the situation all the more devastating. Deloitte's own website states that \"cyber risk is more than a technology of security issues, it's a business risk.\" But as you can see, the company failed to live up to some of the most common cybersecurity recommendations.
For instance, the hacker(s) most likely compromised the firm's global email server from a centralized \"administrator's account\" which gave them privileged and unrestricted access to all areas of the network. This account only required a single password and did not make use of two-factor authentication (2FA), also known as the two-step verification.
CNN Tech writes, \"This is especially embarrassing for a firm that prides itself on helping other companies thwart online cybersecurity attacks. The company's website boasts that its 'Cyber Intelligence Centre integrates state-of-the-art technology with industry insight to provide round-the-clock business-focused operational security [to clients].'\"
This just goes to show that no one is beyond the threat of digital incursion. Heck, even the U.S. Securities and Exchange Commission was hacked in September!
If cyberattacks are all but inevitable, it only makes sense for organizations to invest in cyber coverage insurance to protect their financial assets from the devastating effects of data breach. For more information on keeping your business safe from cybercrime, visit CyberPolicy!