Deloitte hit by cyber attack
- Author: Terrell Bush, Sep 28, 2017, 0:18
One of the four biggest accountancy firms, Deloitte offers services that include auditing, tax consultancy, and cyber security advice. Last year, Deloitte reported nearly $40 billion in revenue worldwide. The breach is believed to affect only US clients, but the precise number is not known.
Richard Stiennon, chief strategy officer at security firm Blancco Technology Group, commented on the importance of protecting emails: 'Deloitte's experience with a simplistic breach of their Microsoft 365 infrastructure through an easy-to-access administrator account highlights how easy it is to overlook critical information stores.'
UK-based Deloitte operates from its New York City headquarters and is said to be the epicentre of the cyber attack.
In its statement about the incident, Deloitte said it responded by "implementing its comprehensive security protocol and initiating an intensive and thorough review which included mobilizing a team of cyber-security and confidentiality experts inside and outside of Deloitte".
Later, a spokesperson said that a "very small fraction" of the five million emails stored there were stolen. The report said the hackers could have also accessed other information, such as usernames, passwords, IP addresses and architectural design diagrams.
The firm said that it contacted government authorities immediately after it became aware of the incident and notified each of the "very few clients" that had been affected. "We will continue to evaluate this matter and take additional steps as required".
A statement from Deloitte confirmed that they are committed to increasing their cybersecurity protocols and that they are now evaluating the latest attack in order to adjust their cybersecurity defenses accordingly.
"However, if they are not [encrypted] and the attacker has enough time on target, hacked mail servers can provide a wealth of information", he said.
The hack comes as a big embarrassment for the company, which was ranked the best cybersecurity consultant in the world. Within the cloud system, there could be much more information that has been compromised but not yet revealed.
In a survey of more than 1,000 IT professionals conducted by Keeper Security, 54% of respondents said negligent employees were the root cause of a data breach.
Data from clients across all these sectors was present in the company email system that was hacked. If details in the Guardian's report are true, Deloitte failed to deploy elementary security measures such as requiring two-factor authentication.