Unwanted Emails Increase Security Risk

MSP TODAY NEWS

Unwanted Emails Increase Security Risk

By Greg Tavarez

Email is one of the main communication channels used for business as it allows easy organization to keep important conversations on record. With that said, it can also be one of the most frustrating, given the massive amount of unwanted or redundant emails.  Email is also one of the main methods bad actors use to launch cyberattacks.

A direct result is that nearly 41% of work emails are categorized as unwanted, a 0.5% increase from 2021, according to Hornetsecurity’s “Cyber Security Report 2023.” Of the unwanted emails, which tend to come with archive, HTML and word doc file types, 94.5% are spam or rejected outright due to external indicators and a little over 5% were flagged as malicious.

"This year's cyber security report shows the steady creep of threats into inboxes around the world,” said Hornetsecurity CEO Daniel Hofman. “The rise in unwanted emails is putting email users and businesses at significant risk. What's more, our analysis identified both the enduring risk and changing landscape of ransomware attack.”

Organizations continue to change their IT environments, relying more on cloud services such as Microsoft 365. Hornetsecurity did point out that Microsoft disabled macros settings in Office 365, and this resulted in an increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Because M365 naturally made it easy to share documents, end users often overlooked the ramifications of how files are shared as well as the security implications.

As a result, a quarter of users are unsure or assumed that M365 was immune to ransomware threats.

End users who show signs of uncertainty are prime targets for bad actors as they start to see the human firewall as a weak link and the potential gateway to a company’s confidential data. The new strategies by bad actors are seen in the Uber breach, where they used social engineering to steal credentials, and by impersonating popular brands such as Amazon and FedEx to attempt to lure end users through email.

“Companies must ensure comprehensive security awareness training while implementing next-gen preventative measures to ward off threats," said Hofmann. “Ongoing training should be in place to counteract the psychological tricks applied by attackers.”

Hornetsecurity also recommends that organizations balance resources across IT and security to build that cyber resilience and maturity. There’s no point in the security team taking the blame and responsibility for the mistakes of other departments that lead to compromise.

An organization is cyber resilient when each part of the enterprise works together to keep the business secure and continuously improve to handle new threats.




Edited by Erik Linask

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Cyberattack Protection, Detection, and Recovery with SaaS

By: Greg Tavarez    11/23/2022

DataHawk from Cohesity is a data security SaaS solution that helps customers protect, detect and recover from cyberattacks and ransomware attacks.

Read More

Cloud Marketplace Innovator Pax8 Ranks 131 on the Deloitte Technology Fast 500

By: Juhi Fadia    11/23/2022

Pax8 has been named in the Deloitte Technology Fast 500 among the fastest-growing technology, media, telecommunications, life sciences, fintech, and e…

Read More

Arizona Department of Homeland Security Picks Tanium for Cybersecurity

By: Stefania Viscusi    11/22/2022

With a new, state-of-the-art cybersecurity solution from Tanium, AZDOHS is able to better share key information in real time, creating a stronger secu…

Read More

IT Teams Fall Short in Microsoft 365 Security Protections

By: Greg Tavarez    11/21/2022

A surprising number of enterprises have major gaps in the Microsoft security policies and practices, leading to unnecessary risks.

Read More

Phishing Attacks Sprout from Unexpected Places

By: Greg Tavarez    11/21/2022

Users more frequently click on phishing links that arrive through other channels, including personal websites and blogs, social media, and search engi…

Read More