Phishing and Ransomware – Still The Two Biggest Security Threats

Phishing and ransomware continue to be the two most significant security threats that consumers and businesses alike face in 2023.

In 2022, cyber security professionals faced complex challenges in addressing the wider attack surface created by the quick move to cloud-based operations and remote work over the preceding two years. Cyber attackers took advantage of newly identified vulnerabilities, such as those caused by the widespread use of third-party software, to execute ransomware and other attacks.

Using tools such as zero trust, XDR, automated threat intelligence technology, and more to bolster vulnerability management and cloud, email, and endpoint security has allowed organizations to take back control and plan further investment over the next two years to secure their networks and data more carefully.

In 2022, security teams focused heavily on email security. However, attackers still had the advantage due to the increased number of business and personal devices that come with remote work.

Consider the compromise reported by American Airlines in September 2022. The company informed customers that a bad actor breached some employees’ email accounts in July, which led to the personal information of customers and employees potentially being exposed and accessed.

In September, a credential phishing attack targeted 16,000 emails from a nonprofit organization. The perpetrator pretended to be from American Express, asserting that all cardholders should open an attachment and contact the company for their account’s security.

These events show that protecting email is mainly a matter of people management, requiring security teams to tackle risks even when those risks are out of their hands.

In May 2022, the CyberRisk Alliance (CRA) released a Business Intelligence study of 221 U.S.-based security and IT leaders, security administrators, and compliance professionals, highlighting their continuing battle with email security.

Phishing and Ransomware Were The Main Issues In The Past Also

Exploited email vulnerabilities and phishing attempts have caused several cyberattacks over the past two years, leading to bad outcomes in some instances.

In October, EyeMed Vision Care was fined $4.5 million by the state of New York for multiple instances of security misconduct that played a role in its 2020 mega data breach through email. The consequences of this violation still affect both the company and its customers.

A survey conducted in May 2022 echoed fears of similar email security issues among the 221 security and IT leaders, executives, security administrators, and compliance professionals who responded. All of the participants reside in the United States.

Respondents reported experiencing email attacks daily, especially attacks targeting the Microsoft and Google email systems. These attacks rose significantly and encompassed phishing emails to obtain login information and malicious payloads, including traditional viruses and application macros running in Word or Excel.

A significant proportion of the respondents declared that their firms had gone through many email attacks, with around one-third reporting up to 25 attacks daily. On the other hand, approximately half (51%) of those polled noted having been subject to up to 25 instances of Business Email Compromise (BEC) daily, while one-fifth (21%) said they could not assess the number of BEC attacks per day.

At least a portion of respondents (51%) were either very or worried about email attacks in the coming 12 months. Of all the email security worries, being liable for ransomware attacks was at the top for two-thirds of participants; after that came an upsurge in phishing and spoofing.

Not All Bad News, And Ways These Can Be Prevented

Due to the severe threats of email attacks, 68% of the respondents said their organization would allocate more funds for email security within the next twelve months. Most of these extra dollars will be put towards education regarding social engineering, configuration management, and BEC protection.

Indeed, training is a significant aspect of initiatives to battle social engineering. For example, security professionals have asserted that the most dependable way to prevent email spam from succeeding might be to educate your personnel to recognize fraudulent emails.

Technology can’t wholly halt phishing emails on its own, and neither can training, but an appropriately informed and well-drilled employee can identify them most of the time. Moreover, when this training is combined with DMARC, DKIM, and SPF, the chances of a breach plummet drastically.

An appropriate training program for employees who manage money should introduce them to BEC scams and the different techniques scammers use. (It’s safest to require two or more employee signatures to authorize large transfers too.) Ideally, employees ought to roleplay common BEC scenarios for a realistic experience.
