As many businesses understand, reputation and customer trust are very difficult to build and all too easy to lose. When a business experiences a data breach, its problems quickly become its customers’ problems. “Key Security Threats Facing Your M365 Environment and How to Protect It,” a recent webinar from 1nteger’s cybersecurity team, explored a real-life example of a malicious cyberattack, its impact, and how it could have been prevented.
You don’t want to find out from a customer that you have a data leak
Not too long ago, some of the team at TechMD received an email from a local attorney’s office (which was not a client). The email contained confidential data about a compensation claim case, detailing the client’s name, extent of the injury, settlement information, and more. At the bottom of the email was a suspicious link. It was immediately obvious that the law firm had been seriously compromised.
In these situations, there is typically malicious intent, usually aimed at financial gain and/or reputational damage. Realizing that the law firm’s entire address book had been blasted with sensitive information, TechMD contacted the firm to notify them. Not all users are created equal, and as people continued to innocently open and forward the email, the risk increased that the firm’s employees and clients would click on the malicious phishing link, making the law firm’s cyber problem their problem.
Reputational damage is hard to quantify
Reputational damage is difficult to quantify in terms of dollars and cents. The leaked information was clearly protected by law. Unfortunately, it isn’t enough to ask users to delete the sensitive information and forget all about it. Businesses make decisions based on these types of scenarios. How likely would you or your business be to partner with a company that has experienced something like this?
A huge volume of sensitive data that needs to stay private passes through Microsoft 365 (M365) accounts, whether via email, files or chat. Think through your business and the potentially damaging documents you hold, whether they’re personnel files, intellectual property or budget figures, that you don’t want seen outside of your environment. Keeping data where it belongs is one of cybersecurity’s main focuses.
Cybersecurity is all about layers
Effective cybersecurity is all about layers, combining people, processes, and technology in a way that covers as many angles as possible. Such is the case with 1nteger CORE, a managed detection and response (MDR) offering.
A number of criminal techniques could’ve been employed to carry out the above attack. Potentially, the sensitive information could’ve been obtained via a password spray (also known as a brute force) attack, which is commonly detected by CORE. A bot figures out usernames and hammers users with failed login attempts, hoping to crack an easy or commonly used password.
In a recent scenario with a newly onboarded CORE client, the Security Operations Center identified 25 users from 25 countries carrying out thousands of failed login attempts over the course of two minutes. The 1nteger team instantly put multi-factor authentication in place, requiring a security token, which stopped the attack. However, the danger was not over, because savvy cyber criminals keep evolving. The next step would be to try to crack MFA with a man-in-the-middle attack, and the only way to stay on guard is through 24×7 monitoring.
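The pattern in the two paragraphs above, failed sign-ins spread across many accounts and many countries inside a two-minute window, can be written as a sliding-window check. This is an added example, not 1nteger CORE's detection logic; the record layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, deque


def detect_spray(events, window_s=120, min_failures=50,
                 min_users=10, min_countries=5):
    """Flag bursts of failed sign-ins spread over many accounts and countries.

    events: (epoch_s, user, country, success) tuples sorted by time
    (hypothetical layout). Thresholds are assumed values, tune per tenant.
    """
    window = deque()                       # failures inside the time window
    users, countries = Counter(), Counter()
    alerts, in_alert = [], False
    for ts, user, country, success in events:
        if success:
            continue
        window.append((ts, user, country))
        users[user] += 1
        countries[country] += 1
        # Expire failures older than the window and keep the counters exact.
        while ts - window[0][0] > window_s:
            _, old_user, old_country = window.popleft()
            for counter, key in ((users, old_user), (countries, old_country)):
                counter[key] -= 1
                if counter[key] == 0:
                    del counter[key]
        hit = (len(window) >= min_failures and len(users) >= min_users
               and len(countries) >= min_countries)
        if hit and not in_alert:           # one alert per burst, not per event
            alerts.append({"start": window[0][0], "detected": ts,
                           "failures": len(window), "users": len(users),
                           "countries": len(countries)})
        in_alert = hit
    return alerts


def sample_events():
    """Constructed sign-in records, not real log data."""
    # One account hammered from one country: noisy, but not a spray.
    ev = [(t, "bob", "US", False) for t in range(60)]
    # 200 failures over 100 seconds across 25 accounts and 25 countries.
    ev += [(1000 + i // 2, f"user{i % 25}", f"C{i % 25}", False)
           for i in range(200)]
    ev.append((1101, "user3", "C3", True))
    return sorted(ev)


if __name__ == "__main__":
    for alert in detect_spray(sample_events()):
        print(alert)
```

The single-account burst in the sample stays below the distinct-user threshold, so only the distributed burst raises an alert.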
The ability to act in real time is essential to be able to identify, isolate and remove threats. Contact us to learn how you can proactively protect your environment within a few days and stop your cybersecurity problems before they spread to your customers.