Report Finds Email Attacks Wreaking Havoc on Organizations
A new study has found that email is now the top threat vector for cyberattacks, with 20% of advanced attacks breaching cyber defenses.
Enterprise email is now the top threat vector for cyberattacks, and 20% of advanced email attacks are breaking through cyber defenses, according to a new report from email security company Tessian.
The report sheds new light on how email has remained the “lifeblood” of any organization’s communication tools despite the proliferation of messaging and videoconferencing platforms such as Zoom, Microsoft Teams, Google Meet, Slack, and others. The pandemic accelerated the use of those platforms, but the number of emails sent and received per day is still rising steadily, jumping from 306.4 billion in 2020 to nearly 320 billion in 2021 and an estimated 333.2 billion this year.
According to Tessian’s “State of Email Security Report,” 94% of organizations experienced a spear phishing or impersonation attack, and 92% suffered ransomware attacks over email this year. Impersonation attacks were the most common and rank as the top email threat that security leaders are concerned about.
On average, security leaders reported 148 impersonation attacks in 2022, followed by 141 spear phishing attacks, and 138 email-based ransomware attacks, the report says. Over a third (37%) of IT and security leaders said the most prevalent impersonation was threat actors posing as employees, followed by vendors (32%), and executives (31%).
The report also dives into ransomware delivered via email, finding that 92% of global organizations have seen at least one email-based ransomware attack in 2022, and 10% say they have received more than 450 such attacks this year.
In addition, almost three-quarters (72%) of security leaders experienced account compromise or takeover in 2022, the report found, which suggests that organizations are still not taking email and credential compromise seriously.
“We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business,” says Josh Yavor, chief information security officer at Tessian. “We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection.”
Yavor also calls on organizations to deliver proactive security training that addresses common types of email threats, tailored to roles and departments.
“Company cultures also play a significant role in protecting employees,” Yavor adds. “Security leaders should emphasize a culture that builds trust and confidence, which will ultimately improve security behaviors.”
This article originally appeared in CS sister publication MyTechDecisions.com and has been edited. Zachary Comeau is TD’s editor in chief.