In March 2017, Deloitte, which provides high-end cybersecurity consulting services, discovered that it had been hacked, and it would appear the attackers may have had access to the company’s systems since as early as October 2016.
According to The Guardian, the attackers were able to compromise Deloitte’s email server through an administrator account that was not protected by two-factor authentication. Through the email server, the hackers may have had access to usernames, passwords, IP addresses, health information and architectural diagrams of businesses.
As you can imagine, even if Deloitte has cyber insurance in place to mitigate any damage and loss, the reputational damage is significant, especially given that Deloitte is the ‘go-to’ for cybersecurity advice globally.
So, how can you protect your business from a similar situation?
Firstly, ensure you have two-factor authentication on your logins where possible, so that it is far more difficult for a hacker to get in without you being notified of their actions. Secondly, have a robust conversation with your IT advisor about how your platforms could be hacked, and put systems in place to create alerts and reporting around this. Finally, it would be diligent to look into getting cyber insurance for your business, especially if you hold customers’ personal information online, so that if the worst happens you may be able to mitigate some of your loss.