When a cybersecurity health check turn into a breach investigation!
Recently, we conducted a Cybersecurity health check of one of our customers and collected information about their I.T services. “Was it business as usual” ? Or was there something unknown happening beneath the surface?
During our engagement, we collected Cybersecurity data using our systematic and industry-proven approach to their business services. This was not a breach investigation. We validated the existence or lack of cybersecurity controls and went through their Office 365 implementation as part of the scope of review.
One critical control was missing: multi-factor authentication (also called 2-step verification). While reviewing email forwarding rules, we found forwarding rules to emails outside of their organization with unusual names and business domains. Most of them involved the executives of the company.
This discovery was not expected, nor optimal! This was when the engagement took a different turn of events and became extended to a breach investigation. It turned out that an administrator account had been breached, and executive information was being watched and collected. Thankfully, our review helped identify the problem, and our processes helped correct it.
Maybe it’s time for a review of your business’s infrastructure? It’s always better to be preventative then reactionary!