
Don’t Be Like Microsoft – Here are 9 Ways to Keep Your Organization Safe from Cybercrime

What lessons can employers learn from the penetration of Microsoft executive accounts by foreign hackers?

If it can happen to them, it can happen to anyone. In a stark reminder that nobody is totally safe from the threat of cyberattacks, Microsoft has revealed that a foreign nation-state actor successfully breached its corporate network in a series of attacks between November 2023 and January 2024.

Microsoft has alleged that the attacks were conducted by a group called Midnight Blizzard (also called Nobelium), a known proxy of the Russian government. This event is distinct from the many other hacks of Microsoft products because the victims of the attack were not Microsoft customers, but some of Microsoft’s top executives.

How Did the Microsoft Hack Happen?

While Midnight Blizzard has shown itself to be capable of extremely advanced and complex cyberattacks, it didn’t need anything fancy to break into Microsoft’s corporate email servers. Instead, it used an extremely simple tactic called “password spraying.”


Password spraying is exactly what it sounds like. Hackers simply compile a list of email addresses that they would like to compromise and try to access them with commonly used passwords. It’s extremely basic, but all it takes is one lapse in security for it to be extremely effective. At least one Microsoft employee must have had a very guessable password, which allowed Midnight Blizzard to access the company’s internal communications. Apparently, the hackers were able to move around undetected for weeks and access the inboxes of some of Microsoft’s most senior employees.
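What the pattern described above looks like from the defender's side, as an added example that is not part of the original article: the script scans sign-in records for one source failing against many different accounts with only a few tries each, and separates that from a single user mistyping a password. The log format, addresses, account names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2024-01-10T09:00:05Z src=203.0.113.7 user=alice@example.com result=FAIL
2024-01-10T09:00:41Z src=203.0.113.7 user=bob@example.com result=FAIL
2024-01-10T09:01:17Z src=203.0.113.7 user=carol@example.com result=FAIL
2024-01-10T09:01:58Z src=203.0.113.7 user=dave@example.com result=FAIL
2024-01-10T09:02:30Z src=203.0.113.7 user=frank@example.com result=OK
2024-01-10T09:03:00Z src=198.51.100.20 user=erin@example.com result=FAIL
2024-01-10T09:03:09Z src=198.51.100.20 user=erin@example.com result=FAIL
2024-01-10T09:03:15Z src=198.51.100.20 user=erin@example.com result=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, source, user, result) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_spray(log_text, min_users=4, max_per_user=2, window=timedelta(minutes=30)):
    """Flag sources failing against many distinct accounts, a few tries each."""
    by_src = defaultdict(list)
    for ts, src, user, result in parse(log_text):
        by_src[src].append((ts, user, result))
    findings = []
    for src, evs in by_src.items():
        evs.sort()
        fails = [(ts, u) for ts, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):  # slide the window over the failures
            counts = defaultdict(int)
            for ts, u in fails[i:]:
                if ts - start > window:
                    break
                counts[u] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                # A success from the same source after the failures needs urgent review.
                ok = sorted({u for ts, u, r in evs if r == "OK" and ts >= start})
                findings.append({"src": src, "targeted": len(counts), "succeeded": ok})
                break
    return findings
```

On the sample data, `detect_spray(SAMPLE_LOG)` reports only the source that touched four accounts once each, along with the account it then signed in to; the user who mistyped a password twice is not flagged.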

What Can Employers Do to Prevent This?

This Microsoft breach serves as an additional reminder of the critical importance of robust cybersecurity measures, particularly concerning business email compromise (BEC) and the need for multi-factor authentication (MFA) across all business systems. With access to sensitive communication channels, the attackers could potentially have viewed confidential information, including strategic plans, intellectual property, and personal data. This breach not only poses a significant risk to Microsoft and its clients, but also highlights the broader threat landscape faced by businesses worldwide.

Here are 9 policies your organization can implement to minimize the consequences of this type of attack and prevent such attacks from occurring in the first place:

  1. Heightened Security Awareness: The breach underscores the need for heightened cyber security awareness at all levels of an organization. From frontline employees to C-Suite executives, everyone must remain vigilant against phishing attempts, suspicious emails, and other social engineering tactics used by hackers.
  2. Mandatory Multi-Factor Authentication (MFA): Implementing multifactor authentication can significantly enhance the security of e-mail accounts and other critical systems. By requiring multiple forms of verification, such as a complex password and a one-time code sent to a mobile device, MFA adds an extra layer of protection against unauthorized access.
  3. Regular Security Training and Education: Ongoing security training and education programs are essential for ensuring that employees understand the latest cybersecurity threats and best practices for mitigating risk. By empowering employees to recognize and respond to potential security threats effectively, organizations can reduce the likelihood of successful cyber-attacks.
  4. Continuous Monitoring and Incident Response Systems: Robust monitoring and incident response systems are crucial for detecting and responding to cyber security incidents promptly. By continuously monitoring network activity and implementing robust incident response procedures, organizations can mitigate the impact of breaches and minimize potential damage.
  5. Improved Email Security Solutions: Deploying advanced e-mail security solutions, such as spam filters, e-mail encryption, and threat intelligence platforms, can help protect against phishing attacks and other e-mail-based threats.
  6. Email Authentication Protocols: Implementing e-mail authentication protocols can help verify the authenticity of incoming emails and prevent e-mail spoofing and impersonation attacks.
  7. Vendor Risk Management: Assess the security posture of third-party vendors and partners who have access to your organization's systems or sensitive data. Implement vendor risk management programs to ensure that vendors adhere to current cybersecurity standards and practices.
  8. Incident Response Planning: Develop and regularly test incident response plans to ensure a swift and effective response in the event of a cybersecurity incident, such as business e-mail compromise. Clearly define roles and duties, establish communication channels, and outline remediation steps to minimize security breaches.
  9. Purchase Cyber Insurance: Cyber insurance can make all the difference in helping organizations avoid large-scale financial losses amid cyber incidents. In addition to the financial protections, many insurance companies provide outsourced emergency response services to help you navigate a breach.

The unprecedented hacking of Microsoft’s executive accounts reinforces the need for constant vigilance, particularly in the realm of business e-mail compromise. By learning from this incident and implementing proactive cybersecurity measures, organizations can bolster their defenses against e-mail-based threats and mitigate the risk of potentially devastating breaches. Through a combination of employee education, advanced security technologies, and robust incident response procedures, businesses can strive to stay one step ahead of cyber adversaries and safeguard their critical assets and sensitive information.

For more information on developments in the cyber insurance space as well as the Property and Casualty landscape more generally, check out our Weathering New Storms: 5 Property and Casualty Market Insights for Employers whitepaper.