75% of Businesses Ready for ‘Serious’ Email Attack In 2023, Are You?
According to the 2023 State of Email Security (SOES) report, IT security leaders at three out of every four global businesses anticipate that an email-borne attack will have serious repercussions for their organisation in the upcoming year, with the increasing sophistication of attacks being a top concern. The report recommends that organizations adopt a comprehensive approach to email security, including employee education, multi-factor authentication, and advanced threat protection solutions.
The 2023 SOES report found that businesses are using email more frequently, with 82% of businesses reporting a higher volume of email in 2023 compared to the past two years. Consequently, email-based threats have also increased, with 74% of respondents confirming their rise in the past 12 months. Even though there are more threats, the report states that the rising sophistication of email attacks is more alarming. Also, cybercriminals are continuously improving and modifying their strategies. With the availability of malware kits on the dark web, even ordinary criminals can utilize highly advanced methods of intrusion. For 59% of respondents, the biggest concern is the rising sophistication of email attacks, and 76% believe that an email-borne attack will have serious repercussions for their organisation in the upcoming year. Out of these, 7% consider such an attack to be inevitable, while three out of ten respondents believe it to be extremely likely.
Hybrid Working and AI Advancements are Compounding the Issue.
Email-driven attacks have increased in volume and velocity since the adoption of hybrid working, and recent developments in AI technology have made the problem worse. Threat actors have become adept in their ability to steal data through the proliferation of social engineering attacks, shifting their focus from targeting the larger enterprise network itself to capitalizing on the vulnerable behaviors of the individual employee, according to a recent report. To combat these growing threats, companies must prioritize email security by implementing strong access controls, email filtering, and employee awareness programs.
The emergence of AI and Large Language Models (LLMs) such as ChatGPT will lead to the refinement of human-centric attacks, with threat actors seeking to eliminate well-known signs of an email attack like spelling or grammatical errors. In addition to attacks that focus on extracting sensitive data from an organization through individual employees, brand impersonation attacks present another level of risk. While these attacks may not initially result in tangible monetary losses or compromise sensitive customer data, they could ultimately harm the entire brand identity.
Most Prevalent Email Threats: Phishing, Ransomware, and Spoofing
The most frequent email-borne threats respondents and their businesses encounter are phishing, ransomware, and spoofing, the report found. Significantly, 84% of security decision-makers reported that over the previous 12 months, at least one of these attacks had increased, with phishing being the most prevalent. The majority of respondents (59%) reported that they had encountered more phishing attacks than in previous years, with large businesses with more than 10,000 employees reporting this more frequently (71%). Out of the overall respondents, 80% of respondents admitted to having experienced at least one phishing attack in which the danger was spread from one infected user to another.
As cybercriminals continue to develop more sophisticated tactics to evade traditional security measures, investing in advanced email security solutions like AI-based threat detection and incident response is becoming increasingly necessary to protect businesses against email-based threats.
The report revealed that ransomware was a significant threat, with 66% of the respondents reporting being a victim of such attacks in the last year. Small businesses were hit the hardest, as per the admission of two-thirds of the respondents. Furthermore, the report showed that certain industries were more vulnerable to ransomware, with over 80% of organizations in the consumer services, energy, healthcare, and media, and entertainment sectors suffering significant damage due to such attacks. Improving email security by implementing robust anti-phishing measures and regular backups can help organizations enhance their defense against ransomware attacks.
The report shed light on email spoofing, highlighting that an overwhelming majority of the respondents, i.e., 91%, were aware of the attempts to misuse their email domains. Additionally, close to half of the respondents, or 44%, witnessed an upsurge in such fraudulent activities in 2022. Notably, government agencies and other public institutions were hit the hardest, with more than half, or 54%, of the organizations reporting an increase in email spoofing attempts. Despite the evident risks posed by email spoofing, less than a third, or 29%, of the participants believed that their businesses were entirely prepared to handle the illegitimate use of their email domains. The survey revealed that while 88% of companies planned to utilize the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol to thwart email spoofing in the next year, only a small proportion, i.e., 27%, have deployed it thus far.
Defending Against Ever – Evolving Email Threats
As hybrid working structures continue to gain traction and become the new norm, businesses, and organizations must proactively take steps to bolster their defenses against the ever-evolving tactics and techniques employed by cybercriminals in email attacks. According to Addison, this requires organizations to adopt reliable email and collaboration security tools that provide real-time protection and response capabilities for their communication channels. To optimize threat intelligence sharing, it is also essential that these products safeguard third-party integrations, and ensuring end-to-end email security must be a top priority for businesses.
Moreover, recent advancements in artificial intelligence (AI) present both opportunities and risks for organizations and threat actors. Addison emphasizes that security teams can benefit from adopting and integrating AI-enabled tools, which can work in tandem with human intelligence to simplify complexities and maximize email security and collaboration tools. By leveraging AI, organizations can identify patterns and anomalies that may otherwise go unnoticed, improving their ability to detect and respond to emerging threats in a timely and efficient manner.
Overall, businesses and organizations must remain vigilant and invest in cutting-edge email security solutions and technologies that can effectively mitigate the risks posed by email attacks. Only by taking proactive steps and staying ahead of the curve can organizations ensure the safety and security of their communication channels, even in the face of constantly evolving threats.
Get Ahead of the Competition with ESDS’s Innovative Solutions
We understand that in today’s fast-paced business world, speed is everything. That’s why we’re here to help organizations operate at breakneck speeds with our secure and reliable cloud email environment.
At ESDS, we recognize that seamless communication is essential to the success of any business. That’s why we’ve developed our patented eNlight Cloud, which offers a secure and compliant platform that is fully scalable and guarantees the constant availability of email services. With ESDS, you can focus on what matters most – growing your business – and leave the hassle of email security and management to us. Don’t let insecure email services hold you back – partner with ESDS today and take your business to new heights!
- 5 Essentials To Boost Your Cyber Resilience - March 29, 2023
- 75% of Businesses Ready for ‘Serious’ Email Attack In 2023, Are You? - March 2, 2023
- SoC-as-a-Service Benefits by Industry - February 20, 2023