Enterprise-scale email is now the No. 1 threat for
cyberattacks, according to the State of Email Security Report, a global study from email security company Tessian, conducted by Censuswide.
Companies in the U.S. receive 1.5 times more spear
phishing and impersonation attacks than the global average.
Impersonation attacks -- those using legitimate-looking e ail addresses -- were the most widespread type of advanced email attack in
the first nine months of 2022.
Companies received 148 impersonation attacks in 2022, followed by 141 spear phishing attacks and 138 email-based ransomware attacks, security leaders
said.
The most common type of impersonation, reported by 37%, was that in which threat actors posed as employees. Next were cases in which they pretended to be vendors (32%,) and C-level
executives (31%).
advertisement
advertisement
Ransomware is still a top threat: 92% of global organizations experienced at least one email-based ransomware attack in 2022.
Moreover, 10% of the security
leaders said they received over 450 email-based ransomware attacks since January 2022. And, 72% of security leaders experienced account compromise or takeover attempts in 2022.
The
latter occurs when a threat actor acquires legitimate login credentials and uses them to send more attacks.
And, while most organizations have a secure email gateway (SEG) or native security
from a cloud provider, 62% of security leaders said advanced email threats bypassed SEGs in 2022. This left enterprises susceptible to financial losses and leaked customer data.
One
possible antidote: 99.5% of those polled recognized that AI and machine learning can enhance and improve email security. The top benefits of AI were faster threat detection (66%) and more
accurate threat detection (56%). In addition, 44% say automated approaches to email security could alleviate administrative burdens for their stretched security teams.
"We all rely on
email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business,"
states Josh Yavor, chief information security officer at Tessian.
Yavor adds, "We can also expect threats to continue to expand into other communication platforms like instant
messaging tools, personal email or social media accounts as attackers seek to evade detection."
Censuswide surveyed 600 IT and security leaders in organizations across US, UK, Middle
East and Africa.