Quick thoughts on the Parliamentary email attack of the last few days:

Apparently “only” 1% of 9,000 accounts were compromised
Using words like “only” or “just” in relation to the 90-or-so email accounts hacked is ridiculous.
Because to cause merry havoc in an organisation, hackers only need access to one email account.
Because once inside one email account, hackers can email others within the organisation impersonating the account holder.
If your colleague gets emailed a link, and it seems to come from you, there’s a high chance they’re going to click the link, right?
And hackers can also scour that one hacked email account for passwords that may open other doors within the organisation.
(Remember that time you emailed your colleague to ask for the password to the corporate Twitter account? If a hacker breaks into your inbox, that’s exactly the kind of email they’ll be hunting for)

I’d imagine GCHQ are now analysing the hacked Parliamentary email accounts for exactly this kind of behaviour – but for the moment, please let’s not breathe a big sigh of relief because it’s “only” 90-or-so victims…