Despite being one of the oldest tricks in the book, email attacks still remain one of the most popular, and most efficient forms of cybercrime, new research has claimed.
The latest edition of the annual “State of the Phish” report from Proofpoint also found that following close on the heels of these attacks is ransomware, a devastating form of malware whose popularity is still showing no signs of abating.
Based on the company’s telemetry (more than 18 million end-user-reported emails; 135 million simulated phishing attacks in a year), as well as a survey of 7,500 employees and 1,050 security professionals across the world, the report found almost half (44%) of employees would trust an email holding “familiar branding”, while almost two-thirds (63%) think an email address always corresponds to the matching website or brand.
Business email compromise
Knowing this, it’s no wonder that three-quarters of global firms covered in the research reported a Business Email Compromise (BEC) attack last year. Most of the time, the attackers go after English-speaking firms, but non-English ones are starting to see higher volumes of attacks, as well, the researchers said.
Ransomware is also a major threat, the paper says. Globally, more than three-quarters (76%) experienced one such attack last year, with two-thirds (64%) actually falling victim. Around half (52%) regained access to their data after making the ransom payment.
Perhaps the most surprising finding of the report is that even today, basic cyber threats aren’t that well understood. Many of the survey’s respondents couldn’t properly define malware, phishing, or ransomware. Furthermore, just around half (56%) of global firms with a security awareness program train their staff on cyber security best practices, and just a third (35%) run phishing simulations.
This lack of awareness is also the weakest link in the cybersecurity chain, experts argue.
“The awareness gaps and lax security behaviors demonstrated by employees create substantial risk for organizations and their data,” said Adenike Cosgrove, VP, Cybersecurity Strategy, EMEA Proofpoint. “As email remains the favored attack method for cyber criminals and they branch out to techniques much less familiar to employees, there is clear value in building a culture of security that spans the entire organization.”