‘Millions of Email Accounts Compromised…’
– The Daily Telegraph (UK), May 2016
This was the headline in a UK news outlet discussing a ‘…massive data breach that includes Google and Yahoo’. It’s a catchy headline for sure. However, the line that really caught my attention was from the lead paragraph:
‘More than 270 Million email accounts with major providers around the world have been compromised…’
Try to comprehend that figure. It’s a staggering number and I’m sure worthy of international headlines. To put this number in perspective, the population of the United Kingdom is 64 million and the population of the United States 317 million.
What does this have to do with you? That’s a fair question, considering the majority of you don’t run Google or Yahoo mail in your corporate enterprise. However, let me pose another question:
Why were email accounts targeted?
To answer that, I’d like to refer you to a recent blog post where we explain what a mailbox is used for: Microsoft Exchange, Non-Owner Mailbox Logon: Auditing the Insider Threat
When you understand how mailboxes are used, it becomes crystal clear why they are under threat. Whether they’re in personal webmail or on a corporate Exchange server, all mailboxes have one thing in common: they contain data, and more often than not, sensitive data. Sensitive data in the wrong hands can cause profound damage to an organization’s finances and reputation.
Unless you have a strict mailbox maintenance regime and regularly check corporate mailboxes for sensitive data, have an impenetrable intrusion detection system, and suffer from no human vulnerabilities, the facts are the facts: your mailboxes are at risk.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is lead Pre-Sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both public and private sectors in the UK, EMEA and Globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.