Why Email Security Matters
Despite the increasing popularity of instant messaging, video calls and other collaboration tools, email remains a core business tool for modern organizations. The number of emails exchanged globally per day is expected to exceed 376.4 billion by 2025. Due to its high importance in today’s business landscape, emails have become the weapon of choice for cybercriminals to launch sophisticated attacks.
Emails are the entry point for several types of cybercrime including phishing, ransomware, malware and business email compromise (BEC). More than 90% of all dangerous ransomware and malware enter an organization via email. According to Verizon’s 2021 Data Breach Investigations Report, 36% of data breaches involved phishing.
Today, all business communications, from internal announcements to sales reports, are done through email. That’s why email security should be the centerpiece of your organization’s cybersecurity strategy to ensure confidential data remains confidential when your employees send and receive emails.
Why emails are easy targets for cybercriminals?
Email-related threats increased significantly since the onset of the COVID-19 crisis and continue to remain a serious threat to businesses even today. Phishing attacks are so successful because they are targeted and convincing, making them extremely hard to spot and prevent. While human error is regarded as one of the top causes of email attacks, the increasing frequency and complexity of email-based attacks cannot be overlooked. The 2021 Tessian research found that employees receive an average of 14 malicious emails per year. With email attacks constantly evolving, traditional email security solutions like filters or built-in tools are not enough to repel today’s sophisticated phishing threats.
The shift to remote work provided an advantageous opportunity to cybercriminals as reliance on email for communication grew further. A lack of security awareness training is one of the main reasons why email-based attacks have been so successful. According to security awareness training provider KnowBe4, about 38% of untrained end users would fail a phishing test. The company’s 2021 Phishing Industry Benchmarking Report revealed careless clicking drops significantly after 90 days and 12 months of security awareness training. Educating your employees to spot some of the most common techniques used to deliver malicious emails can go a long way towards reducing your organization’s susceptibility to these attacks.
Types of data cybercriminals are after
According to Verizon’s 2021 Data Breach Investigations Report, the top three types of data cybercriminals look to compromise via phishing attacks are:
- Credentials: Usernames, passwords and pin numbers
- Personal data: Name, address, email ID, phone number, social security number, etc.
- Healthcare records: Treatment information, medical record number, insurance claims, etc.
Consequences of successful phishing attacks
The Proofpoint’s 2022 State of the Phish report found security leaders citing the following consequences of successful phishing attacks:
- Around 60% of organizations lost data
- More than 50% of organizations had credentials or accounts compromised
- More than 45% of organizations were infected with ransomware
- Nearly 30% of organizations were infected with malware
- About 20% of organizations experienced financial losses
Popular impersonated brands you should watch out for
The Check Point’s Brand Phishing Report 2021 found threat actors impersonating leading brands to trick people into disclosing their personal information. Listed below are popular brands that cybercriminals imitated to deliver malicious emails:
- Microsoft (45%): Nearly half of the phishing emails used spoofed Microsoft email addresses to steal credentials.
- DHL (26%)
- Amazon (11%)
- Best Buy (4%)
- Google (3%)
Since these are popular, well-established brands, people trust them easily and divulge personal information without thinking twice.
Phishing trends
Cybercriminals are getting smarter and their techniques more sophisticated. Malicious emails today are designed to evade traditional detection mechanisms like spam filters. More than 75% of IT leaders said the C-Suite is most likely to be targeted by phishing attacks. Here are some of the top phishing methods cybercriminals use to infiltrate organizations:
Impersonating brands: One of the most popular techniques used to deliver phishing emails is brand impersonation. An example would be using a fake Microsoft account to send the target an account expiry phishing email, asking him/her to click on the provided link to resolve the issue.
Phishing websites: These websites are another means of launching phishing attacks. Google proactively warns its users about unsafe sites and has issued nearly four million warnings as of September 2021. Cybercriminals create fraudulent websites that appear to be genuine by mimicking the sites of giant corporations to attract users. As per F5 SOC statistics, most phishing sites used encryption, with more than 70% using valid HTTPS certificates to deceive victims.
Malicious attachments: Another popular method is malicious file attachments. According to 2021 Tessian research, PDF files are the most common malicious attachments that come with phishing emails. The PDF file format allows cybercriminals to conceal malicious links, run JavaScript and distribute fake invoices. However, with businesses training and educating their employees to be careful with suspicious-looking emails, cybercriminals are noticing this shift. The research also found that more than 75% of malicious emails did not have an attachment.
Protect your business from advanced email threats with a layered strategy
Email is the No.1 threat vector. Your employees receive an average of 14 malicious emails per year. One careless click can put your business on the path to a cybersecurity disaster. Therefore, a layered data protection strategy is vital to combat today’s advanced email threats.
Graphus — the world’s first automated phishing defense platform — and Spanning SaaS backup work in tandem to build a strong defense against phishing attacks.
Spanning Backup for Microsoft 365, Google Workspace and Salesforce provides end-to-end data protection. Its powerful yet easy-to-use capabilities for administrators and end users empower them to find and restore data effortlessly. This helps save time and enhance productivity.
Employees can’t click on an email that they don’t get. That’s the biggest reason why automated phishing protection with Graphus is a smart move for every business. The patented algorithm uses predictive reasoning and pattern recognition to create trusted email profiles based on your staff’s email traffic patterns. TrustGraph compares incoming communications to these profiles to detect and prevent sophisticated phishing attacks.
TrustGraph not only checks a message against a safe sender list, but it also analyzes the content of messages using over 50 different attributes of your employees’ communications and learns to spot and stop suspicious messages before they land in anyone’s inbox. Plus, it never stops improving your protection. Machine learning ensures that Graphus learns from every interaction, tailoring your company’s protection to meet its unique needs.
A robust phishing defense combined with a reliable SaaS data backup solution creates a strong, multi-layered level of security that can save your organization time, money and resources.
See how Spanning securely backs up and helps restore your Microsoft 365, Google Workspace and Salesforce data.
