
Email is one of the main communication channels used for business because it is easy to organize and keeps important conversations on record. It can also be one of the most frustrating, given the massive amount of unwanted or redundant email, and it is one of the main methods bad actors use to launch cyberattacks.
As a direct result, nearly 41% of work emails are categorized as unwanted, a 0.5% increase from 2021, according to Hornetsecurity’s “Cyber Security Report 2023.” Of the unwanted emails, which tend to come with archive, HTML and Word document file types, 94.5% were spam or rejected outright due to external indicators, and a little over 5% were flagged as malicious.
“This year's cyber security report shows the steady creep of threats into inboxes around the world,” said Hornetsecurity CEO Daniel Hofmann. “The rise in unwanted emails is putting email users and businesses at significant risk. What's more, our analysis identified both the enduring risk and changing landscape of ransomware attack.”
Organizations continue to change their IT environments, relying more on cloud services such as Microsoft 365. Hornetsecurity pointed out that Microsoft disabled macro settings in Office 365, and that this resulted in an increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Because M365 makes it easy to share documents, end users often overlook how files are shared and the security implications of sharing them.
As a result, a quarter of users were unsure whether M365 was immune to ransomware threats or assumed that it was.
End users who show signs of uncertainty are prime targets for bad actors, who see the human firewall as a weak link and a potential gateway to a company’s confidential data. These strategies were seen in the Uber breach, where bad actors used social engineering to steal credentials, and in email campaigns that impersonate popular brands such as Amazon and FedEx to lure end users.
“Companies must ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats,” said Hofmann. “Ongoing training should be in place to counteract the psychological tricks applied by attackers.”
Hornetsecurity also recommends that organizations balance resources across IT and security to build cyber resilience and maturity. There’s no point in the security team taking the blame and responsibility for the mistakes of other departments that lead to compromise.
An organization is cyber resilient when each part of the enterprise works together to keep the business secure and continuously improves to handle new threats.
Edited by Erik Linask