Despite being one of the oldest tricks in the book, email attacks still remain one of the most popular, and most efficient forms of cybercrime, new research has claimed.
The latest edition of the annual "State of the Phish” report from Proofpoint also found that following close on the heels of these attacks is ransomware, a devastating form of malware whose popularity is still showing no signs of abating.
Based on the company’s telemetry (more than 18 million end-user-reported emails; 135 million simulated phishing attacks in a year), as well as a survey of 7,500 employees and 1,050 security professionals across the world, the report found almost half (44%) of employees would trust an email holding “familiar branding”, while almost two-thirds (63%) think an email address always corresponds to the matching website or brand.
Protecting your business from the biggest threats online (opens in new tab)
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.
Business email compromise
Knowing this, it’s no wonder that three-quarters of global firms covered in the research reported a Business Email Compromise (BEC) attack last year. Most of the time, the attackers go after English-speaking firms, but non-English ones are starting to see higher volumes of attacks, as well, the researchers said.
Ransomware is also a major threat, the paper says. Globally, more than three-quarters (76%) experienced one such attack last year, with two-thirds (64%) actually falling victim. Around half (52%) regained access to their data after making the ransom payment.
> What is ransomware and how does it work? (opens in new tab)
> The 10 worst ransomware attacks ever (opens in new tab)
> These are the best firewalls right now (opens in new tab)
Perhaps the most surprising finding of the report is that even today, basic cyber threats aren’t that well understood. Many of the survey’s respondents couldn’t properly define malware, phishing, or ransomware. Furthermore, just around half (56%) of global firms with a security awareness program train their staff on cyber security best practices, and just a third (35%) run phishing simulations.
This lack of awareness is also the weakest link in the cybersecurity chain, experts argue.
“The awareness gaps and lax security behaviors demonstrated by employees create substantial risk for organizations and their data,” said Adenike Cosgrove, VP, Cybersecurity Strategy, EMEA Proofpoint. “As email remains the favored attack method for cyber criminals and they branch out to techniques much less familiar to employees, there is clear value in building a culture of security that spans the entire organization.”
- Here is our list of the best endpoint protection (opens in new tab) services right now