Deloitte, one of the world's biggest accountancy firms, has revealed that it was the victim of a targeted cyber attack earlier this year. As we have seen on many occasions, the attack went unnoticed for months, highlighting the necessity of a strong cyber security team.
By gaining access to one of Deloitte’s administrator accounts, the hackers were able to reach the firm's global email server. According to the Guardian, the hackers were given ‘privileged, unrestricted access to all areas’. As a result of the breach, confidential emails, usernames, passwords, IP addresses, architectural diagrams and health information were compromised.
A spokesman for Deloitte said “We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.”
Whilst the type of hack has not been officially confirmed, the Guardian have brought to light that the administrator's account ‘required only a single password’ and did not have two-step verification (also known as two-factor authentication).
Two-factor authentication provides an extra layer of security and makes it harder for attackers to gain access to a person's device or online account. This is because knowing the victim's password would not be enough to gain access. With two-factor authentication, an attacker would also need a second piece of information. There are several different types of authentication factors:
Something only the legitimate user would know, such as a PIN or personal information.
Something the legitimate user has, such as an ID card, security token, or smartphone authorisation.
Something the legitimate user is. Commonly called biometrics, these usually include personal attributes such as fingerprints, voice, or an iris scan.