Deloitte has been in the news entire September. The month began with the announcement that company made a record revenue of $38.8 billion for the fiscal year that ended on 31 May. End of September was not equally pleasing for the company. A cyber-attack affecting the email server of Deloitte was confirmed by the company.


Attack on Deloitte: What, How and How Much?

One of the ‘Big 4’ accounting firms, Deloitte announced on 25 September that email services of the company, which is hosted on Microsoft Azure. Hosting services don’t hold blame for the reach. The attack was executed by accessing the email server using an administrative account.

The administrative account held the unrestricted and privileged access to 5 million emails. However, the intruded emails are supposedly very few in comparison and Deloitte claims that they are trying to trace down activities of the attacker to know the level of the breach.

Emails of several blue-chip companies and some US government departments that are clients of Deloitte are believed to have been impacted. The US departments of defence, state, energy, etc. among the clients that were vulnerable to the attack.

Considering that email breach meant potential access to usernames, passwords, and other sensitive data, consequences of the attack can be critical. Any threat or indication of the attacker has not be informed till now.


Lessons to learn from the attack

In 2012, Deloitte was ranked as the best security consultant by Gartner. Half of the decade later, the company has the misfortune of being in the news as a victim of cyber-attack. It points to the unbiased nature of cyber-criminals towards habitats of the cyber world – if there is a vulnerability, they will make use of it.

As per the details of the attack that have been made public so far, here are the ways such vulnerabilities could be patched.

1. Two Factor Authentication (TFA)

A secure password performs a vital job with digital protection. Though it’s limitations, especially with remotely accessible content, make a potential way for attack once it is breached or compromised. Two Factor Authentication (TFA) or Two-Step Verification strengthens the security level further to the password.

Once the correct password is provided, login will demand another one-time authentication password, which is generated only after correct password is used.

Unlike passwords, it is used only once and that too within a specific time limit or else it expires. So, getting a hand on expired TFA code will not be of any use for the attacker. TFA code is delivered over text or email generally. Some account login services are now offering authenticating-applications as well.

The attack on Deloitte is a loud example of the importance of TFA. Reports suggest that the admin account using which the attack was executed did not have Two-step verification enabled for the account. Modern accounting professionals have associations with several applications that offer remote accessibility, such as – hosted accounting application, banking applications, email applications, etc.

Since most of such applications are integrated with one another, proper security with each of them is essential to safeguard the crucial data.

2. Cloud Access Security Broker (CASB)

Cloud is an important requisite for the modern-day accounting demands. Cloud Access Security Broker (CASB) is a mediator between the user and the service provider that deploys various security layers to protect data and applications. The attack on Deloitte is supposedly affected by accessing the account from a device that does not belong to the account user.

CASB can restrict the access to the account only to the permitted devices for the users. Any attempt of logging in to the account from the unregistered devices can be blocked and reported. In case your accounting requirements do not support the device restrictions, there are other CASB policies that can be adopted as a genuine CASB service can identify the possible fraudulent access attempts.

For example, an account regularly logged in from any a location traces log in attempt from a changed location will demand additional security checks for the login, such as – security answer, OPT confirmation over email, etc.

There are several other user or account behavior activities that CASB can trace in real-time and accordingly take actions to protect the malicious access attempts. As a user, opting for a CASB can be costly solutions. So, picking a service provider that either has deployed CASB or already practices methods to identify the attacks is a smarter solution. For larger firms that are working on the private cloud, CASB is an intelligent pick.

Wrapping Up

A few weeks back, we had discussed recent ransomware attack on cloud service providers. A few days later, a different form of attack on Deloitte surfaced. Clearly, digital data hosted over cloud has a lot to improve before it could end questions over its security potential.

At the same time, the carefree modus operandi at the user end is a totally different side and there is little that could be done about it from the service provider’s end. Gartner has predicted 95% of the cyber attacks will be a result of customer’s failure by the year 2020. Educating the users about cloud usage can make a big difference.


  1. Deloitte hit by cyber-attack revealing clients’ secret emails
  2. Cloud access security broker and the cloud-based business role

Talk to Us