Business applications targeted in phishing campaigns
Business-related applications such as Zoom, Microsoft and DocuSign, now account for 45 percent of impersonation-related phishing attacks as cybercriminals seek to cash in on the vulnerabilities of remote work.
This is one of the findings of a new report from email security company GreatHorn which collected data from over 580 participants working across a diverse set of roles within the information technology security market.
Although daily occurrences of phishing attacks have decreased from 36 percent to 25 percent between 2020 and 2021, weekly and monthly phishing attacks have increased from 28 percent to 42 percent and 11 percent to 17 percent, respectively. These attacks are increasingly difficult to detect as cybercriminals become more sophisticated and targeted in their attacks -- advancing beyond the 'batch and blast' methodology to social engineering campaigns.
The effect of all this is that the quantity of phishing attempts being experienced by organizations each day may have decreased, but the impact of those campaigns that bypass traditional email security is increasing.
"In today's email security environment, it is impossible to catch every phishing attack. The results of this benchmark report indicate that cybercriminals are relentless and continue to advance their techniques to exploit systems and people." says Kevin O'Brien, co-founder and CEO of GreatHorn. "Email security providers must shift their approach to understanding and controlling threat vectors in order to analyze deviations from the norm. Only from there can they create automated defense systems that produce a layered approach to mitigating risk."
Among the report's other findings, missing phishing attacks remains the top issue in current email security solutions with 39 percent of respondents noting this as a top concern in both 2020 and 2021.
Fewer organizations report being satisfied with their current email security solution, decreasing from 76 percent in 2020 to 53 percent in 2021. On the other hand, organizations reporting their email security solution was 'good enough' increased from 19 percent in 2020 to 36 percent in 2021.
The full report is available from the GreatHorn site.