• by Ray Schultz , February 23, 2018

Email is the delivery vehicle for over a third of the malware attacks that hit organizations, and is thus the weakest link in the security perimeter, according to Incident Response Report, a study by F-Secure, a cyber security company.

“Exploiting software vulnerabilities in drive-by scenarios is typical in opportunistic attacks, but breaching companies via email is actually far more common,” states Tom Van de Wiele, principal security consultant for F-Secure.

F-Secure found that 34% of the attacks against companies were initiated by email. To break it down further, 16% consisted of phishing/spear phishing attacks, and 18% malware email attachments. 

 “There’s a lot of different ways different attackers can use email, and these attacks are popular because almost every company relies on email for communication,” says Van de Wiele.

He adds that “people need to think before they click on attachments and links, but the pressures of many jobs overrides this logic, which attackers understand and exploit.”

Incident responders were called in in 80% of the cases in which the security perimeter was breached, the company adds.  However, 13% of all incidents turned out to be false alarms, and this total is rising.  

According to Van de Wiele, the number of false alarms reported as security incidents is surprising, and shows that too many organizations struggle with accurately detecting cyber attacks.

“We’re often called in to investigate ‘suspicious activity,’ which tells me that a lot of organizations don’t have accurate incident detection capabilities,” says Van de Wiele. “Sometimes we’ll even investigate and discover an IT problem rather than an attack, which drains resources and distracts everyone from dealing with the real issue.”

F-Secure also reports that targeted attacks constituted 55% of the breaches, and opportunistic attacks made up 45%. Social engineering attempts were more likely to be targeted.

Insider attacks made up 20% of the total studied, 21% while were internet exploits and 9% were done with “brute force,” F-Secure says. Another 16% were grouped in the “other” category.

Among the breaches studied, 20% were malware infections, 52% were social engineering attacks, and 48% were external exploits. The company adds that 79% were successful attempts, 13% were false positives and 8% were failed attempts.

F-Secure also determined that 21% of the security incidents it investigated exploited vulnerabilities in internet facing services at companies.

Based in Helsinki, Finland, F-Secure serves clients throughout the globe.