Your inbox could be your Achilles heel: the rising threat of business email attacks
When it comes to cyber threats, knowing where to look and what to look for is half the battle. We dive deeper into how cyber threats are evolving in our latest edition of Email Security Risk Assessment (ESRA), which was featured in CISO MAG and covered by Channel News and mybusiness.
The Mimecast October 2019 ESRA report revealed that email-based impersonations, also known as business email compromise (BEC) attacks, had increased by 269% compared with the previous quarter.
BEC attacks often take the form of emails that contain dangerous files or malware attachments and are able to slip through many traditional email security systems.
This quarter alone, security providers missed up to 28 million spam emails and 60,495 impersonation attacks. What’s more, 28,808 malware attachments and 28,726 dangerous files found their way to users’ inboxes.
The increase in BEC attacks is a rising trend globally. The research in our State of Email Security 2019 report found that out of 1,025 global respondents, 85% had experienced an impersonation attack in 2018. 73% of those attacked experienced a direct impact on their business.
“This ESRA report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands email-borne threats successfully able to bypass the email security systems that organisations’ have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, vice president of threat intelligence at Mimecast.
The threat posed by cyberattacks is only going to grow bigger. Cybercriminals are always looking for new ways to bypass traditional defenses and trick users into giving them access. To build cyber resilience against evolving attacks, the industry needs to invest more in research and development and make sure their security measures take into account everyday human behaviour. The best way to accomplish that is to raise awareness and make it easier for everyday users to become active participants in cybersecurity efforts.