Unwanted Emails Increase Security Risk

Unwanted Emails Increase Security Risk

By Greg Tavarez

Email is one of the main communication channels used for business as it allows easy organization to keep important conversations on record. With that said, it can also be one of the most frustrating, given the massive amount of unwanted or redundant emails.  Email is also one of the main methods bad actors use to launch cyberattacks.

A direct result is that nearly 41% of work emails are categorized as unwanted, a 0.5% increase from 2021, according to Hornetsecurity’s “Cyber Security Report 2023.” Of the unwanted emails, which tend to come with archive, HTML and word doc file types, 94.5% are spam or rejected outright due to external indicators and a little over 5% were flagged as malicious.

"This year's cyber security report shows the steady creep of threats into inboxes around the world,” said Hornetsecurity CEO Daniel Hofman. “The rise in unwanted emails is putting email users and businesses at significant risk. What's more, our analysis identified both the enduring risk and changing landscape of ransomware attack.”

Organizations continue to change their IT environments, relying more on cloud services such as Microsoft 365. Hornetsecurity did point out that Microsoft disabled macros settings in Office 365, and this resulted in an increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Because M365 naturally made it easy to share documents, end users often overlooked the ramifications of how files are shared as well as the security implications.

As a result, a quarter of users are unsure or assumed that M365 was immune to ransomware threats.

End users who show signs of uncertainty are prime targets for bad actors as they start to see the human firewall as a weak link and the potential gateway to a company’s confidential data. The new strategies by bad actors are seen in the Uber breach, where they used social engineering to steal credentials, and by impersonating popular brands such as Amazon and FedEx to attempt to lure end users through email.

“Companies must ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats," said Hofmann. “Ongoing training should be in place to counteract the psychological tricks applied by attackers.”

Hornetsecurity also recommends that organizations balance resources across IT and security to build that cyber resilience and maturity. There’s no point in the security team taking the blame and responsibility for the mistakes of other departments that lead to compromise.

An organization is cyber resilient when each part of the enterprise works together to keep the business secure and continuously improve to handle new threats.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

PrinterLogic Solidifies Commitment to Customer Data Security with ISO Certification

By: Greg Tavarez    3/29/2023

PrinterLogic's SaaS platform received International Organization for Standardization 27001:2013 certification to mark its commitment to constantly imp…

Read More

FinOps-as-a-Service will be a Massive Threat or Opportunity for MSPs

By: Matthew Vulpis    3/29/2023

The rapid rise of FinOps should be seen as a bountiful opportunity for MSPs, as the core concepts make FinOps the ideal program for MSPs to drive.

Read More

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More