Email is the top vector for cyberattacks
Hot on the heels of a report showing that 40 percent of business emails have unwelcome content, comes another report revealing that email is now the top way of delivering cyberattacks.
The report from Tessian shows that 94 percent of organizations experienced a spear phishing or impersonation attack, and 92 percent suffered ransomware attacks over email this year.
Impersonation attacks (where attackers attempt to create legitimate-looking email addresses) were the most common type of advanced email attack in the first nine months of 2022. This type of attack also ranks as the top email threat security leaders are concerned about. On average, security leaders reported 148 impersonation attacks in 2022, followed by 141 spear phishing attacks and 138 email-based ransomware attacks.
Ransomware also continues to be a top threat with 92 percent of global organizations experiencing at least one email-based ransomware attack in 2022 and 10 percent of the security leaders surveyed saying they had received over 450 email-based ransomware attacks since January 2022.
While most organizations have a Secure Email Gateway (SEG) or native security from a cloud provider in place to keep employees secure on email. However, the report found that 62 percent of security leaders say advanced email threats bypassed SEGs in 2022. 99.5 percent of respondents recognize that AI and machine learning can enhance and improve email security, with faster threat detection (66 percent) and more accurate threat detection (56 percent) the top two AI benefits cited by security leaders.
"We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business," says Josh Yavor, chief information security officer at Tessian. "We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection."
Insider email threats remain a problem too, 63 percent of security leaders say that their staff exfiltrated data over email in 2022, while 92 percent of companies experienced a data breach caused by an end-user making a mistake on email -- such as sending an email to the wrong person or failing to send the correct attachment.
You can find the full report on the Tessian site.