The Value of a Hacked Email Account

Many businesses are at risk of losing data. Whether through a hacked email account, a ransomware attack, malware, or another method, no organization is 100 percent safe from losing critical data. It may be difficult to realize the value of the data at stake until it’s in the hands of cybercriminals, but the hope is to never get to that point.

Additionally, Microsoft 365 has taken a dominant role as the productivity solution of choice for enterprise data: M365 is used by over a million companies worldwide, with over 731,000 companies in the United States alone. In other words, there’s value sitting right in your corporate inbox.

Your business keeps so much sensitive and proprietary information all in one inbox: photos, contracts, business plans, invoices, tax forms, reset passwords, and pay slips are just a few of the details which can be found in your users’ professional inboxes. By simply breaching their emails, a malicious hacker can get access to all these vital documents. So, when you look beyond the treasure trove of confidential information that is kept within your employees’ inboxes and consider the other ways data can be stolen, you can imagine the consequences are staggering. Keep reading to learn exactly how much your organization’s data can be worth, and how you can be better prepared for a breach.

Sit Up and Pay Attention

Have you ever sat down and thought about how much the data within your organization is actually worth? First, let’s talk through some facts and figures. Did you know that a truly alarming 85 percent of organizations have suffered email data breaches in the last 12 months? Further, 67% of IT leaders reported an increase in data breaches due to remote work – with the risk being intensified for Microsoft 365 users.

The True Value of Stolen Data

So, what is the motivation behind hackers these days? According to Verizon’s annual data breach report, 86% of all data breaches in 2020 were about money. On average, the cost of a data breach is $4.24M. Insider threats are more damaging, particularly if it’s a compromised account, careless employee misuse, or a malicious insider. The cost of such a data breach could be up to $8.76M.

After a hacker has successfully infiltrated a network and stolen personal data, they’ll often look to sell or even advertise that data on the dark web. No matter the size of your business or its sector (charity, health care, or otherwise), the hacker will do everything in their power to demand payment from any customer.

Let’s break down the true value of stolen personal data, item by item:

  • Credit card with PIN: $15-$35
  • Credit card details: $150-$240
  • Stolen online banking logins: $40-$120
  • Hacked email accounts (groups of 2,500+): $1-$15
  • Hacked social media account: $35-$80
  • Stolen identity: $0.10-$1.50
  • ID/passport scans or templates: $1-$35
  • Mobile phone online account: $15-$25
  • Full ID packages (name, address, phone, SSN, email, bank account): $30-$100
  • Medical notes and prescriptions: $15-$20
  • Hotel loyalty or reward program accounts with 100,000 points: $10-$20
  • Cloud service account: $5-$10

(Sources: Symantec, PrivacyAffairs.com)

Don’t let the numbers fool you: just because they may seem on the lower end of things, you have to consider the size of the data breach itself. Whether a network of hundreds or thousands was compromised, the cost of an attack skyrockets per individual. Hackers today have become more sophisticated than ever, and one user could be the stepping stone to the entire database they’re after. And ultimately, the payout can have a huge and harmful impact on the organization.

Microsoft Takes Security Seriously

Microsoft takes Microsoft 365 security seriously and has made significant investments in service-level security. However, users can still perform either accidental or malicious high-risk actions within Microsoft 365 which can put your business at risk. Also, account credentials can be stolen through phishing scams and then used by third parties to get access to your data.

Email accounts are hacked by cybercriminals because they are often a weak link in an organization’s security pipeline. The diagram below, adapted from Krebs on Security, is a clear overview of the value of your corporate email account.

Overview of the value of a corporate email account, source: SoftwareONE

Think about it – when anyone signs up for an online service, the user must enter an email address, and whoever controls that email address can reset the password and take over the account, all without the immediate knowledge of the account’s owner. And that’s just one example. A data breach can happen quickly, and the zero-day attacks we’re seeing today give organizations absolutely no warning signs.

Take ransomware, for example. Ransomware is a form of malware that utilizes encryption to hold a user’s personal information at ransom. This will leave the user unable to access their files, applications, databases, and more because they are encrypted. From there, a ransom will be demanded in order to regain access. The effects of a ransomware attack can be astronomical. In fact, the average ransomware payment is currently estimated to be between $50 million and $70 million, with it costing an additional $1.85 million to remediate the attack.

And then there’s phishing – the fraudulent practice of sending emails pretending to be from reputable companies in order to coerce individuals to reveal personal information, such as credit card numbers, account numbers and passwords. All phishing emails have a link provided that, if clicked, will either direct the user to a site that infects their PC with malware (such as ransomware) or direct them to a website asking for personal information.

How to Stay Safe from a Data Breach

A three-pronged approach is needed to keep your organization’s data safe. First, you must focus on security. Second, you should focus on backup. And third, you should make sure to focus on user awareness training, since sometimes humans can ultimately be the weakest link in security. If they are trained properly and educated on best practices, this could prevent some threats and mitigate risk.

Let’s talk further about the first two steps in this approach and what should go into it.

Security

An effective Microsoft 365 security strategy will begin with a Microsoft 365 Security and Cyber-Threat Assessment and provide you with a security configuration score. Next, it is strongly encouraged to move forward with Penetration Testing as well, which will help you discover and prioritize vulnerabilities. This is followed by a recommendation on best practices and guidance on successfully implementing M365 security features.

Such a strategy will need to cover:

  • Proactive threat reporting and monitoring of your Microsoft 365 environment
  • 24/7 reactive and proactive security support
  • Bi-monthly reporting with insights for improving your security standing
  • A plan for setting up, enhancing and maintaining threat detection, threat protection, and threat response capabilities
  • Identification of security and compliance gaps
  • Remediation guidance for effective risk mitigation

Addressing the security skills gap within your IT team will be the most necessary and pivotal step towards protecting your business inbox.


Author

Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties
