Phishing, impersonation, and other advanced email threats are on the rise, and Tessian’s State of Email Security Report shares valuable intel on how significant these threats have become. This text summarizes the report’s findings and shares how organizations can protect against advanced email threats going forward.
Cybersecurity threats are dynamic and ever-evolving, with threat actors continuously attempting to access organizational networks to go after the crown jewels: data. These growing cyber threats target the most preferred business communication channel, email, and force CISOs to work long hours to keep these threat actors at bay.
Cybercriminals are attacking from all fronts, from baiting users with social engineering to infiltrating trusted service providers and organizations. Based on a survey of over 600 IT and security leaders worldwide, here are the key findings on the state of email security in 2022.
- 71% of security leaders were targeted in 2022 with credential stealing or account compromise via advanced email attacks.
- 92% of organizations faced a data breach due to an end-user email error.
- Fewer than half of organizations (45%) are utilizing next-gen email security solutions.
- 1 out of 5 advanced email attacks is successful.
- Organizations with more than 1000 employees are targeted with spear phishing and email impersonation twice as much as organizations with fewer employees.
Email Communication Still the Life of an Organization
Despite the proliferation of messaging platforms and digital workspaces, email remains the primary mode of communication within an organization. Over 333.2 billion emails were sent and received each day in 2022, and the number is predicted to cross the 376 billion mark by 2025, as shown below.
Threat actors also recognize this heavy reliance on email, which is why phishing remains the top choice for gaining initial access to organizational networks, from which cybercriminals can move deeper and compromise highly valued data.
(Emails Exchanged Worldwide per Day, Source: State of Email Security 2022)
The Current State of Phishing and Advanced Email Threats 2022
Phishing has persisted as one of the easiest cyberattacks for accessing organizational networks due to its success rate. Did you know that 30% of organizations in the US have experienced at least 30 phishing attacks, which is higher than the worldwide average of 26?
Organizations saw an average of 37 successful phishing attacks in 2022. These attacks led to:
- Credential or Account Compromise in 32% of cases
- Ransomware Deployment in 32% of cases
- Financial Losses in 34% of cases
- Customer or Client Data Breaches in 39% of cases
Furthermore, 20% of advanced email threats, i.e., one in every five, are successful. These advanced email threats include spear-phishing campaigns and targeted messages from threat actors impersonating trusted individuals or services.
Threat actors use advanced email threats and tactics to socially engineer individuals and employees into clicking malicious links, sharing sensitive information, and complying with fraudulent requests such as fake invoices, subscriptions, and more.
While 94% of organizations worldwide experienced spear phishing, this number rose to a whopping 99% in the US. Some other alarming findings on phishing and advanced email threats reported by Tessian include:
- Cybersecurity professionals received 148 impersonation attacks, 141 spear phishing emails, and 135 ransomware attacks in emails.
- 1 in 10 digital organizations receives high volumes of advanced email threats, with 11% receiving over 450 spear phishing and 12% receiving the same number of impersonation emails.
(Average Email Threats Experienced by Global Organizations, Source: State of Email Security 2022)
As seen in the above illustration, global organizations faced bulk phishing campaigns the most, followed by spear phishing, impersonation attacks, and email-based ransomware.
How have Cyber Attacks Changed?
- Account Compromise and Impersonation: Threat actors have not only evolved their tactics but are also getting adept at cloaking their malicious activities. When threat actors acquire genuine credentials, they use them for sophisticated attacks, posing as another identity. It is challenging for individuals receiving emails from trusted accounts to recognize a threat actor in disguise. With 71% of security leaders discovering account credentials utilized in email attacks, CEOs, managers, third-party vendors, and even internal sources are unsafe.
- Bypassing Traditional Defenses: Did you know that 62% of global security leaders noticed advanced email threats bypassing SEGs (Secure Email Gateways) in 2022? Threat actors are side-stepping security protocols with advanced techniques, creating the need to develop and deploy next-generation AI (Artificial Intelligence)-powered tools so that these malicious actors are detected rapidly and accurately.
Executives and Bigger Organizations are Targeted More
Emails are leveraged for malware payloads, network reconnaissance, and stealing credentials for initial access. Threat actors are impersonating employees to trick end users into leaking sensitive information. The rest of the organization’s individuals and partners are also unsafe, since vendors are imitated in 32% and the C-suite is impersonated in 31% of impersonation cases.
On the other hand, organizations with a significant number of employees undergo more email attacks than their smaller counterparts. Organizations with under 250 employees receive email attacks where threat actors pose as board members or investors. In contrast, larger organizations receive more email attacks in which malicious actors impersonate fellow employees or vendors.
How Security Leaders are Exposed due to Insider Attacks
Insider threats still pose significant risks in multiple ways. The exfiltration of sensitive data is mainly attributed to staff mistakes, with 63% of security leaders saying that their workforce exfiltrated some form of data and 92% of organizations reporting that data breaches were caused by employee emailing mistakes such as sending an email to the wrong channel, sending incorrect attachments, and more.
To curb this, organizations need to adopt smart solutions that boost email security, give security teams control, and enhance visibility. Furthermore, conventional approaches to user training need to be considered and implemented so that training is embedded into the organization and its employees. A primary approach for security leaders should be to bolster training with detection and prevention technologies that account for existing threats.
How Automation can Curb Email Threats
99.5% of organizations worldwide have recognized the benefits of using AI and ML (Machine Learning) techniques in email security, since these boost organizational security where humans fall short. Automation is necessary to alleviate email security burdens so that security teams can take a breath, focus their efforts, and become productive. Automation has aided global organizations in:
- Faster Threat Detection
- More Accurate Threat Detection
- Better Vulnerability Management
- Reducing Duplicative Processes
- Alleviating Burdens on Security Teams
With such benefits, organizations definitely need to invest in AI and ML tools to strengthen their cybersecurity and email security suite.
Threat actors may be continuously targeting email channels, but cybersecurity defenders are becoming effective in dealing with such actors and keeping organizations secure. Organizations will adopt cloud technologies more, and the threat of data loss via email and social engineering will increase. So will attempts to perpetrate fraud, deliver malware payloads, and compromise organizational systems, along with the frequency of all cyberattacks.
To tackle such dynamic threats, the core of any organization's security response should be training the workforce with tailored security awareness programs and investing in AI-powered email security solutions for advanced protection and prevention of cyberattacks.