On the 8th Day of Christmas: Lessons Learned in 2018

Deloitte Date Breach

Back in March 2017, Deloitte, one of the ‘big four’ accounting firms discovered a breach of its email system. The breach may have been happening since as early as October 2016. What is most shocking about this breach is that Deloitte consults big multinational companies with a range of cybersecurity services. Yet, they seemed to fall at the first hurdle.

It was announced that access to the email system had been granted via an administrator account to the email system, which did not have two factor authentication set up!!! When they are advising others on cybersecurity, you would have thought they would have it right themselves. Of course, as they are a big accounting firm, they would be an obvious target for cybercriminals but access should not have been as simple as it was.

According to Deloitte, only 6 clients had been contacted due to being affected, however, it was likely to have been much higher. It was very likely that hackers had gained access to, “usernames, passwords, IP addresses, architectural diagrams for businesses and health information”. This is why it is important Deloitte identify all those affected. It just goes to show that you can have the best protection across your network, yet the smallest things can allow the criminals to gain access.

The biggest lesson we learned from this breach is that the simple things are the most important to set up. Initially, every business can ensure they have such processes in place. They may seem too simple to protect your entire business, but without the little things what is the point of the more major protection?

Don’t forget you can follow us on Twitter and LinkedIn to stay up to date with the latest cybersecurity news and biggest breaches.