How to avoid cybersecurity nightmares

09 November 2023

Andy Syrewicze, technical evangelist, Hornetsecurity


Reading headlines on the latest shocking cyber-attack seems to be a weekly occurrence nowadays, with security breaches posing serious threat to businesses across industries. But when we look at the facts, what we encounter in the news simply scratches the surface.

In 2023, cyber attacks have increased by 7%, with 560,000 new pieces of malware detected every day; understanding what could go wrong, and why, couldn’t be more relevant. Sharing experiences of data breaches as cautionary tales will help organisations stay protected and vigilant in the ever-evolving realm of cybersecurity.

Eerie email forwarding rules and dreadful data leakages

Preventing data leaks is a priority for all organisations, but doing so efficiently is not always straightforward. I was involved in some IT services for a family-run manufacturer, where after a family feud, one part of the family left the existing organisation and decided to set up an almost identical rival company. The original company began to notice that whenever it released a new product, the rival company would follow suit, launching a strikingly similar product; a mole seemed the most likely explanation.

As we delved deeper into this data leak, a digital autopsy revealed the truth. There was no deliberate insider threat; instead, an unwanted Outlook email forwarding rule had been set on one of the head engineer's machines. This inadvertent rule resulted in the user unknowingly sending every email to the rival company.

Every organisation should harness the outbound compliance filtering provided by cybersecurity services to ensure data is locked away from prying eyes. Sometimes you don't realise the nightmare is happening until it's too late; staying vigilant and adopting the right cybersecurity practices will help to avoid grave consequences.
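A rule like the one in the story is easy to find once you look for it, because Exchange Online exposes every inbox rule's forwarding targets and every mailbox's forwarding address. The following is an added example, not code from the article or from Hornetsecurity: it audits records shaped like exported `Get-InboxRule` and `Get-Mailbox` output and flags anything that forwards or redirects mail outside the tenant's own domains. The domain list, the rule and mailbox records, and the severity scheme are all constructed assumptions for the demonstration.

```python
import re

# Domains this tenant owns (constructed values; substitute the tenant's accepted domains).
INTERNAL_DOMAINS = {"example.com"}

# Constructed records shaped like exported Exchange Online Get-InboxRule output.
# Recipient fields use the '"Display Name" [SMTP:address]' rendering that cmdlet produces.
INBOX_RULES = [
    {"Mailbox": "head.engineer@example.com", "Name": "Archive copies", "Enabled": True,
     "ForwardTo": ['"R. Smith" [SMTP:r.smith@rival-example.net]'],
     "ForwardAsAttachmentTo": [], "RedirectTo": [],
     "DeleteMessage": False, "MarkAsRead": False},
    {"Mailbox": "finance@example.com", "Name": "Invoices to AP", "Enabled": True,
     "ForwardTo": [], "ForwardAsAttachmentTo": [],
     "RedirectTo": ['"Accounts Payable" [SMTP:ap@example.com]'],
     "DeleteMessage": False, "MarkAsRead": False},
    {"Mailbox": "ops.manager@example.com", "Name": ".", "Enabled": True,
     "ForwardTo": [], "ForwardAsAttachmentTo": ['"x" [SMTP:drop@mailbox-example.org]'],
     "RedirectTo": [], "DeleteMessage": True, "MarkAsRead": True},
    {"Mailbox": "alice@example.com", "Name": "Old project", "Enabled": False,
     "ForwardTo": ["bob@partner-example.com"], "ForwardAsAttachmentTo": [],
     "RedirectTo": [], "DeleteMessage": False, "MarkAsRead": False},
]

# Constructed records shaped like the forwarding properties of Get-Mailbox output.
MAILBOX_FORWARDING = [
    {"Identity": "head.engineer@example.com", "ForwardingSmtpAddress": None,
     "DeliverToMailboxAndForward": False},
    {"Identity": "ceo@example.com",
     "ForwardingSmtpAddress": "smtp:ceo.personal@webmail-example.com",
     "DeliverToMailboxAndForward": True},
]

RULE_TARGET_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
_SMTP_TAG = re.compile(r"smtp:([^\]\s]+)", re.IGNORECASE)
_BARE_ADDR = re.compile(r"[\w.+-]+@[\w.-]+")


def smtp_address(entry):
    """Pull a bare, lower-cased address out of a recipient string (or None)."""
    if not entry:
        return None
    m = _SMTP_TAG.search(entry)
    if m:
        return m.group(1).lower()
    m = _BARE_ADDR.search(entry)
    return m.group(0).lower() if m else None


def is_external(address, internal_domains=INTERNAL_DOMAINS):
    """True unless the address's domain is an internal domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].lower()
    return not any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_forwarding(rules, mailboxes, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per enabled rule or mailbox that sends mail to an external domain."""
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # a disabled rule moves no mail; re-run the audit if it is re-enabled
        external = []
        for field in RULE_TARGET_FIELDS:
            for entry in rule.get(field) or []:
                addr = smtp_address(entry)
                if addr and is_external(addr, internal_domains):
                    external.append(addr)
        if not external:
            continue
        # Deleting or marking as read the message that was forwarded hides the rule's
        # activity from the mailbox owner, so that combination is ranked higher.
        hidden = bool(rule.get("DeleteMessage") or rule.get("MarkAsRead"))
        findings.append({"mailbox": rule["Mailbox"], "source": f"inbox rule {rule['Name']!r}",
                         "targets": external, "severity": "high" if hidden else "medium"})
    for mb in mailboxes:
        # Mailbox-level forwarding covers every message, so it is always ranked high.
        addr = smtp_address(mb.get("ForwardingSmtpAddress"))
        if addr and is_external(addr, internal_domains):
            findings.append({"mailbox": mb["Identity"], "source": "mailbox ForwardingSmtpAddress",
                             "targets": [addr], "severity": "high"})
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(INBOX_RULES, MAILBOX_FORWARDING):
        print(f"[{finding['severity']}] {finding['mailbox']}: {finding['source']} -> {finding['targets']}")
```

The constructed data gives three findings: the engineer's "Archive copies" rule (medium, because it hides nothing), the ops manager's rule that also deletes the original (high), and the mailbox-level forward on the CEO account (high). Run against real exports, this is the kind of check that would have caught the forwarding rule in the story before a product launch did; blocking automatic external forwarding at the tenant level (the remote-domain `AutoForwardEnabled` setting in Exchange Online) complements it by preventing such rules from delivering at all.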

Dire data protection

Another set of haunting stories warns of the dangers of inadequate data protection.

A colleague of mine was once brought in to help with a financial investigation at a charitable organisation; however, all the evidence that would have helped mysteriously vanished. It transpired that when the head of the board of trustees and an operations manager left amidst the enquiry, they had deleted all their data. As the organisation did not have any data backup or legal holds in its Office 365 environment, this data, which was core evidence, was lost forever, gravely hindering the investigation.

A similar tale from another colleague of mine unfolded at an independent school, when hackers infiltrated the school's Microsoft 365 environment, accessing an employee’s email account. The hackers then proceeded to send fraudulent invoices with altered bank details to unsuspecting parents, resulting in parents transferring money directly to the hackers' account. The school, meanwhile, never received the fees due.

Whilst both cases could have been helped by cybersecurity protection tools, there was also a clear lack of security awareness training. When resigning, the head of the board and the manager may simply not have understood how to safely close their online accounts without irrevocably deleting data. Meanwhile, the unsuspecting school employee might have clicked on a link that showed signs of being an attack.

The dangers of unmanaged IoT devices

One of my most memorable experiences as a managed service provider (MSP) was when an inconspicuous fish tank was found to be the main culprit of a hack.

The company my organisation was tasked to help had been subject to ransomware attacks, with the hackers intent on extracting money through repeated ransomware threats. We had to uncover their method of infiltration to prevent further damage.

Unbeknownst to all, the fish tank in the lobby harboured a ‘smart’ lighting system running an embedded Linux operating system. The hackers used this innocent IoT device to launch cyberattacks. While the method by which they gained access remains a mystery, the organisation's negligence in following best practices meant they remained vulnerable to hackers. Perhaps even more startling is the fact that this type of attack was not a one-off: another example, with a much larger scope, revolved around a casino.

The need for vigilance when dealing with IoT devices should never be underestimated: unmanaged devices can serve as gateways for malicious actors, allowing them to infiltrate and compromise an entire organisation. To keep intruders out, it is vital to regularly check and secure all IoT devices.
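"Regularly check" in practice means knowing which devices are on the network and whether each one sits where it is supposed to. The example below is added here and is not the author's or any MSP's tooling: it reconciles DHCP leases (constructed, in dnsmasq's lease-file layout) against a constructed asset inventory and flags two failure modes, a device nobody has registered and a registered IoT device that has ended up on the staff network instead of its isolated segment. The inventory, the lease lines and the segment addresses are all assumptions for the demonstration.

```python
import ipaddress

# Constructed asset inventory keyed by MAC address. Each entry records the network
# segment the device is supposed to live on; IoT gear belongs on the isolated 10.20.0.0/24.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"name": "laptop-alice", "owner": "IT", "segment": "192.168.10.0/24"},
    "3c:71:bf:00:00:02": {"name": "fishtank-light", "owner": "Facilities", "segment": "10.20.0.0/24"},
    "3c:71:bf:00:00:04": {"name": "lobby-cam-01", "owner": "Facilities", "segment": "10.20.0.0/24"},
}

# Constructed lease records in dnsmasq's lease-file layout:
# <expiry epoch> <mac> <ip> <hostname or *> <client-id>
SAMPLE_LEASES = """\
1699999999 aa:bb:cc:00:00:01 192.168.10.21 laptop-alice 01:aa:bb:cc:00:00:01
1699999999 3c:71:bf:00:00:02 192.168.10.57 fishtank-light 01:3c:71:bf:00:00:02
1699999999 de:ad:be:ef:00:03 192.168.10.88 * 01:de:ad:be:ef:00:03
1699999999 3c:71:bf:00:00:04 10.20.0.14 lobby-cam-01 01:3c:71:bf:00:00:04
"""


def parse_leases(text):
    """Turn lease-file text into dicts of mac, ip and hostname (None when dnsmasq logged '*')."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        leases.append({"mac": parts[1].lower(), "ip": parts[2],
                       "hostname": None if parts[3] == "*" else parts[3]})
    return leases


def find_unmanaged(leases, inventory=INVENTORY):
    """Return leases that belong to no known asset or that sit outside the asset's segment."""
    findings = []
    for lease in leases:
        asset = inventory.get(lease["mac"])
        if asset is None:
            findings.append({**lease, "reason": "not in inventory"})
            continue
        ip = ipaddress.ip_address(lease["ip"])
        if ip not in ipaddress.ip_network(asset["segment"]):
            findings.append({**lease, "name": asset["name"],
                             "reason": f"outside assigned segment {asset['segment']}"})
    return findings


if __name__ == "__main__":
    for finding in find_unmanaged(parse_leases(SAMPLE_LEASES)):
        print(f"{finding['mac']} {finding['ip']} ({finding.get('hostname') or 'no hostname'}): {finding['reason']}")
```

On the constructed data the fish-tank light shows up on the 192.168.10.0/24 staff network rather than its IoT segment, and an unregistered device with no hostname appears alongside it; both are exactly the kind of gap the story describes. Feeding the same function from switch MAC tables or a network scanner's output instead of DHCP leases catches devices with static addresses too.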

After sharing these tales, I hope they serve as cautionary reminders for organisations navigating cybersecurity. The common thread here is that negligence gives space to attacks. This is why robust backup and full M365 protection through trusted security providers as well as security awareness training are integral to securing your organisation.