
The Latest Microsoft Hack: What Does This Mean?

Introduction

Data is one of the most valuable resources your company has, and you have a duty of care to protect it. Otherwise, breaches, lost data, corruption of data, and critical system outages can all be extremely costly and hinder your future business operations.

Research has suggested that there is a hacker attack every 39 seconds. Not only that, but statistics show hackers steal records every 75 seconds. It’s a lucrative market that is reportedly more profitable than the illegal global drug trade. That being said, it’s important to remember that no one is exempt from hacker attacks, including tech giant Microsoft.

What was the Microsoft Hack?

In March 2021, Microsoft fell victim to an attack believed to be carried out by Hafnium, a Chinese government-backed hacking group. Using never-seen-before hacking techniques, the group infiltrated the Microsoft Exchange Server email system.

What did hackers gain access to?

Attackers gained full access to user emails and passwords held on affected servers, as well as administrator privileges and entry to devices connected to those networks. In the past, Hafnium has been known to exploit systems to obtain data such as emails and address books, so their targeting does not come as a surprise. It’s also thought that the group installed malware on servers so that they could gain access again in the future.

Who was impacted?

According to a report by the BBC, the National Cyber Security Centre (NCSC) has stated that around 7,000 servers had been impacted by the hack in the UK alone. The NCSC also revealed that the malicious software had been found on 2,300 machines.

The hack itself is mostly a concern for businesses and government departments, with Microsoft saying they have “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.”

Are people concerned?

Following the attack, our team at Hicomply discovered that there were 90,500 searches for ‘Microsoft hack’ and 135,000 searches for ‘Hafnium’ globally on Google in March. Despite this surge in online searches, it’s thought that many companies aren’t aware that the hack even took place.

There remains some concern around small and medium-sized businesses, who may not have the capacity or expertise to deal with such issues. Microsoft has urged users of the Microsoft Exchange Server to download its latest security update. However, even with this communication to Microsoft users, hackers are currently still using this to their advantage to tap into unprotected email server systems.

What does this mean for your business?

It’s evident that cyber-attacks like this pose a great threat to businesses, their integrity, reputation, and relationship with their customers. If you do use the Microsoft Exchange Server, we do recommend that you update it to ensure that you are taking the appropriate measures to protect your data.

It’s important that, as a business, you are taking extra precautions when it comes to protecting your organisation’s assets. In the last 12 months, 46% of UK businesses reported having a cybersecurity breach which resulted in high penalty fines – the average being £2.9m in 2020 according to IBM.

What is the solution?

These types of outcomes can be avoided. By implementing an Information Security Management System (ISMS), you can have confidence that you have all of the right policies and procedures in place when these events occur. Maintaining it to the ISO 27001 certification standard will show that you are compliant with legislation relating to information security.

There are many benefits to having an ISMS, such as having a competitive edge on other businesses when competing for tenders, increased attractiveness to investors, and more. Can you really afford to be exposed to such danger? Make the appropriate investments and future-proof your business and its operations today - book your demo.
