We want to monitor all company email accounts. We are adding coverage for @företaget.com and @företaget.se. We are also setting up alarms for two employees in the IT department, martin@företaget.se and tommy@företaget.se.
Johan is in the finance department and has the email address johan.pettersson@företaget.se. He has a number of services that he uses daily. One of these services recently suffered a data breach in which a large number of accounts and passwords were leaked. As many other companies have done before, the company behind the service chose to “put the lid on” and keep the leak quiet instead of disclosing it.
A few days after the attack, the entire database is put up for sale, including all passwords.
Our system matches the contents of the database, finds the @företaget.se account, and sends an alarm to Martin and Tommy in IT.
The actions that Martin and Tommy now need to take are minimal. A simple check of the logs and a password reset will suffice. The workload for everyone involved is minimal, with no leaked data and no damage to systems. If the account had been exposed for a longer period of time and the system had been subjected to a real cyber attack, the outcome would have looked very different.