Investigators tracking financial fraud are always told to follow the money trail to find the perpetrators. Cyber fraud investigators are now learning to follow the data to do exactly the same thing. More and more organisations are moving their data to the cloud, and where the data goes the hackers follow.
Without doubt the most widely used cloud-based application on the enterprise software market is the Windows Office 365 e-mail, storage and collaboration tool. There are now more than 60 million businesses using Office 365 globally, with another 50,000 being added each month.
With all this data being stored in the cloud, the temptation for hackers to attack it is irresistible. If the attackers can penetrate any individual user’s Office 365 account, usually by hacking their individual password, then they can immediately access not only that user’s cloud stored data on OneDrive or SharePoint, but also shared company folders, and the e-mail system.
The hackers can then do many things including, for example, setting up a forwarding rule that sends certain messages, perhaps from a supplier, to a different external account. This could be used to intercept an invoice that is due to that supplier and then to switch a fake invoice for the real one, with new bank details to steal the payment.
There are a number of things that can be done to mitigate such an attack on Office 365, which we can help you with here at Transputec as a Microsoft accredited Gold Partner.
It has been said that there are now only two types of company. Those who know they have been hacked and those who don't yet realise it. The Marriott International hack, in which the details of 500 million customers have been breached through a compromise of its guest reservation database since 2014, is just the latest in a long string of similar data breaches.
Act now to protect your cloud-based data, before it is too late.
Director of Services, Transputec