For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information. It’s not likely to stop there.
Recently, VIPRE Security Group published their Email Security in 2023 report, where they shared insights on the development of email-based threats and how they can impact organizations. What follows is an overview of some of the key findings from the report and some of the thing’s businesses can do to protect their employees and data.
Email Threats Are Becoming More Sophisticated
There are a number of ways that email can be leveraged to compromise the security of an organization, but the most prominent approach is phishing. In a phishing attack, an individual receives an email from a sender that seems legitimate with a request to share information, log into a system, or click a link. In this email, the bad actor pretending to be the sender may nefariously capture the individual’s authentication details or prompt a malicious download that then compromises the system. At this point, the bad actor has access to the information they were after.
Today, according to the Verizon 2022 Data Breach Investigation Report, phishing is one of the leading five tactics used to initiate data breaches. It’s a trend that’s growing. In 2022, email phishing attacks made up 24% of all spam emails — up from 11% in 2021. Given that phishing requires a relatively low lift for attackers, and has a fairly decent rate of return for them, it’s no surprise that there has been an increase in this trend.
The prevalence of phishing attacks has been bolstered by a number of risk factors, including:
As part of their report, the team at VIPRE made three predictions for the email security landscape this year.
#1 There will be more remote work-based attacks. Since remote work relies significantly on email as a form of communication, the statistical chance of a successful phishing attack only goes up. In addition, there is also a number of collaboration tools — like Asana, Slack, and Teams — that leverage email as a verification method, and that could be compromised.
#2 The “as-a-Service” economy is going to keep growing. Cybercriminals are finding out that they don’t need to be technical experts to execute their campaigns anymore. Now they can hire a team to do it for them. The potential of this growing space is dangerous, and companies need to stay on their toes.
#3 Small businesses are at risk. As bad actors opt for a more agile and efficient approach, they’re turning their attention to “easy” targets: small businesses. As large enterprises focus more on security, they are getting harder to penetrate, and smaller companies require less effort to infiltrate. This ultimately makes them more valuable to hackers.
Being aware of the threats is an important first step, but organizations need to also be well-positioned to protect themselves from these activities.
Just as the email threat landscape has evolved over the last decade, the same is true for email security. Today, companies have a wealth of options to choose from when it comes to strengthening their email security posture. These include:
There’s no time like the present to get started with these strategies. Investing in best-in-class systems now will ensure that you’re keeping pace with the ongoing evolution of email threats and keeping your company protected.
About the author
Ali Cameron is a content marketer that specializes in the cybersecurity and B2B SaaS space. Besides writing for Tripwire’s State of Security blog, she’s also written for brands including Okta, Salesforce, and Microsoft. Taking an unusual route into the world of content, Ali started her career as a management consultant at PwC where she sparked her interest in making complex concepts easy to understand. She blends this interest with a passion for storytelling, a combination that’s well suited for writing in the cybersecurity space. She is also a regular writer for Bora.
We are in the final!
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini
Please nominate Security Affairs as your favorite blog.
Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Email Security Landscape)