Unwanted Emails Increase Security Risk

Unwanted Emails Increase Security Risk

By Greg Tavarez

Email is one of the main communication channels used for business as it allows easy organization to keep important conversations on record. With that said, it can also be one of the most frustrating, given the massive amount of unwanted or redundant emails.  Email is also one of the main methods bad actors use to launch cyberattacks.

A direct result is that nearly 41% of work emails are categorized as unwanted, a 0.5% increase from 2021, according to Hornetsecurity’s “Cyber Security Report 2023.” Of the unwanted emails, which tend to come with archive, HTML and word doc file types, 94.5% are spam or rejected outright due to external indicators and a little over 5% were flagged as malicious.

"This year's cyber security report shows the steady creep of threats into inboxes around the world,” said Hornetsecurity CEO Daniel Hofman. “The rise in unwanted emails is putting email users and businesses at significant risk. What's more, our analysis identified both the enduring risk and changing landscape of ransomware attack.”

Organizations continue to change their IT environments, relying more on cloud services such as Microsoft 365. Hornetsecurity did point out that Microsoft disabled macros settings in Office 365, and this resulted in an increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Because M365 naturally made it easy to share documents, end users often overlooked the ramifications of how files are shared as well as the security implications.

As a result, a quarter of users are unsure or assumed that M365 was immune to ransomware threats.

End users who show signs of uncertainty are prime targets for bad actors as they start to see the human firewall as a weak link and the potential gateway to a company’s confidential data. The new strategies by bad actors are seen in the Uber breach, where they used social engineering to steal credentials, and by impersonating popular brands such as Amazon and FedEx to attempt to lure end users through email.

“Companies must ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats," said Hofmann. “Ongoing training should be in place to counteract the psychological tricks applied by attackers.”

Hornetsecurity also recommends that organizations balance resources across IT and security to build that cyber resilience and maturity. There’s no point in the security team taking the blame and responsibility for the mistakes of other departments that lead to compromise.

An organization is cyber resilient when each part of the enterprise works together to keep the business secure and continuously improve to handle new threats.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

MSP Expo Sponsor Wildix Launches E-Learning Platform

By: Greg Tavarez    6/24/2024

MSP Expo sponsor Wildix launched its new e-learning platform designed to enhance training and certification processes for MSPs and system integrators.

Read More

Strategizing to Strengthen Asset Intelligence Capabilities, Courtesy of Sevco Security and GuidePoint Security Partnership

By: Alex Passett    6/24/2024

Last week, a new strategic reseller partnership was announced between Sevco Security and GuidePoint Security.

Read More

SUSE Launches Cloud Elevate Program

By: Stefania Viscusi    6/24/2024

SUSE announced a new SUSE One Cloud Elevate Program, designed to empower SUSE One partners to sell SUSE's open-source solutions more effectively.

Read More

What You Need to Know About KnowBe4's New PhishER Plus Threat Intel

By: Alex Passett    6/20/2024

Renowned phishing awareness company KnowBe4 is rolling out additional features for its PhishER Plus offering - PhishER Plus Threat Intel packs one hec…

Read More

DataStrike Acquires MiCORE, Creating SMB Data Infrastructure Powerhouse

By: Greg Tavarez    6/18/2024

DataStrike recently completed the acquisition of MiCORE in a transaction that will form a large MSP specializing in data infrastructure services for S…

Read More