Unwanted Emails Increase Security Risk

Unwanted Emails Increase Security Risk

By Greg Tavarez

Email is one of the main communication channels used for business as it allows easy organization to keep important conversations on record. With that said, it can also be one of the most frustrating, given the massive amount of unwanted or redundant emails.  Email is also one of the main methods bad actors use to launch cyberattacks.

A direct result is that nearly 41% of work emails are categorized as unwanted, a 0.5% increase from 2021, according to Hornetsecurity’s “Cyber Security Report 2023.” Of the unwanted emails, which tend to come with archive, HTML and word doc file types, 94.5% are spam or rejected outright due to external indicators and a little over 5% were flagged as malicious.

"This year's cyber security report shows the steady creep of threats into inboxes around the world,” said Hornetsecurity CEO Daniel Hofman. “The rise in unwanted emails is putting email users and businesses at significant risk. What's more, our analysis identified both the enduring risk and changing landscape of ransomware attack.”

Organizations continue to change their IT environments, relying more on cloud services such as Microsoft 365. Hornetsecurity did point out that Microsoft disabled macros settings in Office 365, and this resulted in an increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Because M365 naturally made it easy to share documents, end users often overlooked the ramifications of how files are shared as well as the security implications.

As a result, a quarter of users are unsure or assumed that M365 was immune to ransomware threats.

End users who show signs of uncertainty are prime targets for bad actors as they start to see the human firewall as a weak link and the potential gateway to a company’s confidential data. The new strategies by bad actors are seen in the Uber breach, where they used social engineering to steal credentials, and by impersonating popular brands such as Amazon and FedEx to attempt to lure end users through email.

“Companies must ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats," said Hofmann. “Ongoing training should be in place to counteract the psychological tricks applied by attackers.”

Hornetsecurity also recommends that organizations balance resources across IT and security to build that cyber resilience and maturity. There’s no point in the security team taking the blame and responsibility for the mistakes of other departments that lead to compromise.

An organization is cyber resilient when each part of the enterprise works together to keep the business secure and continuously improve to handle new threats.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Shining a Light on the Dark Web: Searchlight Cyber Debuts Comprehensive Hub

By: Greg Tavarez    3/28/2024

The Dark Web Hub is a one-stop shop for crucial context and continuously updated information on dark web marketplaces, ransomware actors, hacking foru…

Read More

Stellar Cyber and Trellix Bridge the Gap in Security Operations

By: Greg Tavarez    3/28/2024

Stellar Cyber announced the integration with Trellix Endpoint Security HX to allow customers to deploy more robust security solutions and improve thei…

Read More

CyberSaint Raises $21M in Series A Funding to Continue Securing its CyberStrong Customers

By: Alex Passett    3/27/2024

CyberSaint announced that it succeeded in a huge $21 million Series A funding round. This was led by Riverside Acceleration Capital (RAC) with other i…

Read More

US Education Receives Security Upgrade with Free Browser Protection Offered by Conceal, Carahsoft

By: Greg Tavarez    3/27/2024

Conceal and Carahsoft recently unveiled an initiative to fortify the cybersecurity infrastructure of U.S. educational institutions.

Read More

Cato's AI Takes Control of Security and Incident Response

By: Greg Tavarez    3/27/2024

With Cato's recently announced Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root c…

Read More