Cyber criminals are targeting business email accounts at an accelerated rate, particularly at organizations using cloud-based programs, says a new report from specialist insurer Beazley.

The top two causes of data breaches reported to the Beazley Breach Response (BBR) Services team during first-quarter 2018 were hack or malware (42 percent) and accidental disclosure (20 percent), according to the Beazley Breach Insights-April 2018 report. The three sectors most affected were financial services, healthcare and professional services.

For the financial services sector, 55% of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to Q4 2017 (53%), while social engineering incidents declined to 12% in Q1 2018, down from 20% in Q4 2017. Hacking or malware only accounts for 29% of incidents in the healthcare sector, with accidental disclosure accounting for another 29%.

Beazley said these hacking incidents usually occur when an employee clicks on a link in a phishing email, HelpDesk message or Microsoft survey. The employee is then redirected to a legitimate-looking website and asked for email credentials. This allows cyber criminals to log into the account undetected, where they can provide fraudulent instructions to divert and steal payments made by or to the organization, as well as access personally identifiable information.
If the organization uses a cloud-based program such as OneDrive, the cyber criminal will gain access to all files the employee can access, Beazley said.

The report recommended a number of tips organizations can use to protect themselves against these attacks, such as requiring two-factor authentication, enforcing strong password policies and training all employees to beware of phishing attempts.