Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Compromised emails on the rise: Beazley

Reprints
Compromised emails on the rise: Beazley

The compromise of business email is on the rise, particularly for cloud-based applications, according to the most recent report from Beazley Breach Response Services, part of specialist insurer Beazley P.L.C.

The industries most affected were the financial services, health care and professional services industries, according to the Beazley Breach Insights report, released Monday.

Many of the incidents involved Office 365, the cloud-based suite of Office applications, which accounted for 13% of incidents, the report said.

Hack or malware accounted for 42% of incidents, followed by accidental disclosure at 20%, and both social engineering and insider at 9%, the report said.

Other causes were portable devices at 5%; physical loss/nonelectronic record at 4%; payment card fraud at 1%; and unknown/other at 10%.

Spreads among the different industries varied widely. In higher education, hack or malware accounted for 47% of incidents, followed by accidental disclosure at 21%, less than half.

The spread in the financial sector is even greater, with hack or malware in 55% of incidents and accidental disclosure, the next most frequent type, in just 18%.

Among health care incidents, however, hack and malware and accidental disclosure both came in at 29%, the report showed.

“These incidents are usually caused by an employee clicking on a link in a phishing email, often in the form of a ‘DocuSign’ request, HelpDesk message, or Microsoft survey,” the report said.

Such incidents are on the rise because they are easy to carry out and the email accounts can be used for a variety of purposes, the report said.

Many can be easily avoided, however, by enforcing strong password policies and educating employees about the risks of recycling passwords for different applications; alerting employees who have access to accounts payable systems or wire transfer payments about these types of scams; and training all employees to beware of phishing attempts.

“The number of compromised email accounts is accelerating, but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities,” Katherine Keefe, global head of Philadelphia-based Beazley Breach Response Services, said in the report.

 

Read Next

  • Fake CEO emails cost companies more than $5 billion: Report

    A report by U.S.-based networking equipment firm Cisco Systems Inc. and system solutions firm Trivalent Group Inc. found that companies suffered losses of more than $5 billion in the last three years from fake e-mails, HRDive.com reported. The phishing attack makes e-mails look as though they are from the company's chief executive and asks employees to send money to designated recipients.