Deloitte, one of the world’s largest accounting firms, was recently hit by a cyber security breach. Because Deloitte is one of the “big four” accounting firms, a significant breach could affect businesses in sectors as diverse as energy, financial services, healthcare, government, and real estate, among others, including names like MetLife, Boeing, General Motors, Berkshire Hathaway, and Microsoft. And with reported revenue of $37 billion last year, this could have a huge impact. So just how significant was this attack, and what sort of data was compromised? And what is Deloitte doing about it?
Surprisingly, the breach itself actually occurred at some point during the final quarter of 2016, but wasn’t discovered until March of this year. It turns out Deloitte was hosting their email on Microsoft’s Azure cloud service. Because this service wasn’t protected by 2-factor authentication, attackers were able to access an administrator account. This breach could have exposed a wide range of data, including IP addresses, usernames and passwords, confidential data, and a range of other private information from Deloitte’s clients, not to mention the emails themselves. Deloitte, for their part, has downplayed the attack, saying most of their clients were safe. The details of the attack, though, including whether the attacker was a lone wolf, a rival, or another party, are still being investigated. They did, however, mention the affected companies were all based in the United States.
How Deloitte Responded
First, they’ve implemented an extensive review of their own systems, to plug the gap mentioned above and mitigate any other issues. They’ve contracted external services to shore up their internal team as well. Next, they’ve contacted the relevant government authorities and retained the services of the law firm Hogan Lovells to deal with any fallout. Finally, they’ve informed each of their affected clients of the breach and, presumably, contacted the unaffected clients as well.
The Importance Of 2-Factor Authentication
The details behind this attack are still being investigated, so it’s hard to speculate on what Deloitte’s security team could have done differently to ensure this attack never took place. However, based on what we know right now, one of the big security gaps was the lack of 2-factor authentication.
In a world of increasing digital crime and security risks, especially for an organization as large as Deloitte, security leaks often come in the form of something simple like a weak password or a lack of 2-factor authentication. The standard username and password system of authentication is no longer enough when dealing with sensitive documents and information. After all, these sensitive documents could create a trail of breadcrumbs that leads an unscrupulous attacker to information like your mother’s maiden name, the name of your public school, your favourite book, or other tidbits commonly used as the answers to security questions. This is why many security experts suggest using fake answers to these questions, which is advice many people don’t take.
All 2-factor authentication does is add an additional layer of security to access an account, using something that only the people who should have access possess. This can be in the form of a physical token (like a bank card or key fob), a code sent by text message or email, or a random number generated using a service like Google Authenticator. But this additional layer can help thwart a number of different security risks. 2-factor authentication has been shown to help reduce email-based phishing attacks as well, since criminals end up needing more than just a username and password.
The downside is that it can slow things down and cause difficulty when new users need access to an account, but this is a small price to pay to ensure your security. Compare this with the inconvenience of locking the door of your home. It would be easier not to lock your door, and it would save you time when you’re trying to get inside with several bags of groceries in your hands. But that doesn’t stop you from locking your door anyway, and the same should be true with 2-factor authentication.
Contact 1st Secure IT
Implementing 2-factor authentication is, of course, just one of the many ways your company can protect itself from cyber security threats. For Deloitte, the name of the game from here will be disaster control. They will do what’s necessary to make things right with their clients, but the damage has already been done. Whatever the results of their investigation, someone will end up with egg on their face. Some people may lose their jobs over this, and Deloitte may end up losing the faith or the business of their clients. This is a harsh lesson for them to learn, but it doesn’t have to be that way for you. Contact 1st Secure IT to find out how you can mitigate any security holes in your own systems, protect your sensitive data, and give your clients the peace of mind of knowing they can rely on you to keep their sensitive information secure. Contact 1st Secure IT and take the first steps toward a safer, more secure, more reliable digital presence today.