Deloitte's mail server hacked, industry incredulous
News that Deloitte has fallen victim to a large-scale cyberattack doesn’t surprise me.
It’s reported that the hackers were able to compromise Deloitte’s email server through an administrator’s account which only required a single password. If that is the case, Deloitte is not alone in being open to attack by its adoption of the most basic user authentication.
Recent research we conducted found that 86 percent of systems administrators within major enterprises — those people that hold the keys to ‘access all areas’ — are using basic username and password authentication to protect data (20 percent don’t even bother with a complex password). What’s more, half of the companies in question admitted that business user accounts in their organisation were ‘not very secure.’ If that doesn’t scream irresponsible, I don’t know what does. We’re seeing this type of breach time and time again, despite the death warrant for the password being long issued by industry experts.
There’s absolutely no excuse for companies to be using such weak methods of security. The technology that enables more secure methods of authentication and makes it harder for cybercriminals to gain access in the first place has long existed and is readily available – all it takes is a willingness from companies to implement it. With the GDPR coming into force next year, soon businesses will have no choice but to sit up and listen.