Email and ransomware attacks dominated the cybercrime space last year

(Image credit: Pixabay)

Despite being one of the oldest tricks in the book, email attacks still remain one of the most popular, and most efficient forms of cybercrime, new research has claimed.

The latest edition of the annual "State of the Phish” report from Proofpoint also found that following close on the heels of these attacks is ransomware, a devastating form of malware whose popularity is still showing no signs of abating.

Based on the company’s telemetry (more than 18 million end-user-reported emails; 135 million simulated phishing attacks in a year), as well as a survey of 7,500 employees and 1,050 security professionals across the world, the report found almost half (44%) of employees would trust an email holding “familiar branding”, while almost two-thirds (63%) think an email address always corresponds to the matching website or brand.

Protecting your business from the biggest threats online (opens in new tab)

Protecting your business from the biggest threats online (opens in new tab)
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Business email compromise 

Knowing this, it’s no wonder that three-quarters of global firms covered in the research reported a Business Email Compromise (BEC) attack last year. Most of the time, the attackers go after English-speaking firms, but non-English ones are starting to see higher volumes of attacks, as well, the researchers said.

Ransomware is also a major threat, the paper says. Globally, more than three-quarters (76%) experienced one such attack last year, with two-thirds (64%) actually falling victim. Around half (52%) regained access to their data after making the ransom payment. 

Perhaps the most surprising finding of the report is that even today, basic cyber threats aren’t that well understood. Many of the survey’s respondents couldn’t properly define malware, phishing, or ransomware. Furthermore, just around half (56%) of global firms with a security awareness program train their staff on cyber security best practices, and just a third (35%) run phishing simulations. 

This lack of awareness is also the weakest link in the cybersecurity chain, experts argue.

“The awareness gaps and lax security behaviors demonstrated by employees create substantial risk for organizations and their data,” said Adenike Cosgrove, VP, Cybersecurity Strategy, EMEA Proofpoint. “As email remains the favored attack method for cyber criminals and they branch out to techniques much less familiar to employees, there is clear value in building a culture of security that spans the entire organization.” 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.