Tag Archives: phishing

New report reveals that 94% of global organizations have experienced email security incidents last year

  • Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months.
  • 96% of organizations that experienced phishing attacks were negatively impacted, up from 86% last year.
  • Most cybersecurity leaders are stressed about email security, and 61% are kept awake at night by the use of AI in phishing.
  • Alarmingly, data loss and exfiltration incidents were experienced by 91% of respondents.

Leading cybersecurity company Egress today releases its second Email Security Risk Report. The report lays bare the attitudes and approaches to email security, the evolution of risks, and the impact of incidents. In the 2024 Email Security Risk Report, alongside expert commentary, a comparison of 2023’s results offers insight into how 500 Cybersecurity leaders view the threat landscape, including how they remain vulnerable to both inbound phishing attacks and outbound data loss and exfiltration, and how they continue to question the effectiveness of traditional approaches to email security.

The report contains new data on phishing attacks, data loss prevention, and concerns about technical defenses’ ability to detect and prevent advanced threats within Microsoft 365 environments.

Jack Chapman, VP of Threat Intelligence at Egress, comments:

“The 2024 Email Security Risk Report is an essential read for all cybersecurity professionals and ultimately a tool to help teams assess their inbound and outbound defenses.

“What has been staggering is the emergence of trends alongside the 2023 edition of the Email Security Risk Report; for example, 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analyzing emerging trends will be key to bolstering defenses.

“The report also highlights how Cybersecurity leaders know that they’re vulnerable when it comes to phishing attacks. 58% of organizations have experienced account takeover incidents in the last 12 months, and 79% of these started with a phishing email that harvested an employee’s credentials, so it’s no wonder that phishing attacks and compromised accounts are causing concern for our Cybersecurity leaders.

“The use of AI by cybercriminals is also at the front of our leaders’ minds, and rightly so. While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cybercriminals generally take every advantage they can get. Organizations can’t afford to be left behind but must ensure their defenses keep pace with cybercriminals’ methodology and the resulting attacks.

“The stats in this latest report are truly staggering; 94% of companies have experienced security incidents in the last 12 months, and 95% of cybersecurity leaders are stressed about email security. Organizations urgently need to adapt their approach, or risk finding themselves in the same position next year.”

Email Security Risk Remains High

The Egress Email Security Risk Report 2024 has revealed that 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments.

Looking towards outbound email incidents, 91% of organizations experienced data loss and exfiltration due to reckless behavior to ‘get the job done’, human error or malicious exfiltration amongst other contributing factors.

  • 94% of organizations were victims of phishing attacks
  • 96% of organizations were negatively impacted by phishing attacks
  • 94% of organizations were negatively impacted by outbound email security incidents
  • 79% of organizations were victims of account takeover attacks which started with a phishing email
  • 61% of cybersecurity leaders say the use of chatbots in phishing keeps them awake at night

Employees face the consequences for email security incidents

The impact of an email security incident can be severe for employees and their organizations. 96% of surveyed organizations experienced negative impacts from phishing attacks, which is a jump of 10% versus last year’s report (when the number sat at 86%). Findings from the Email Security Risk Report show that leaders are taking a tough stance with employees caught by phishing attacks: negative outcomes for the people involved occurred in 74% of companies. In particular, the report revealed the way organizations responded, with:

  • 51% of employees caught in phishing attacks disciplined
  • 39% of employees caught in phishing attacks fired
  • 27% of employees caught in phishing attacks voluntarily leaving their roles

Looking at outbound threats, a similar picture is seen, with 94% of the surveyed organizations reporting being adversely affected, which is an increase of 8% from last year’s report. In outbound email incidents, 67% of people were disciplined, let go, or chose to leave the organization. Employees being disciplined was the most common outcome, seen in 51% of organizations.

It is evident from the report’s data that email security incidents continue to have far-reaching impacts for organizations, with financial loss from customer churn and reputational damage topping the organizational costs in both inbound and outbound incidents. Organizations should provide their teams with the right technology to detect advanced threats, and security awareness training (SAT) programs that genuinely increase their understanding of real threats going forward.

AI is a growing concern for cyber risk

AI continues to be one of the industry’s biggest talking points, and our Cybersecurity leaders are savvy to the effect new tools, large language models, and generative AI could have on phishing attacks. 63% are being kept awake at night by deepfakes, and 61% by AI chatbots being utilized to create efficient phishing campaigns. This trend is expected to continue into 2024 and beyond, with organizations being encouraged to continuously review their defences.

Through stolen Microsoft credentials threat actors can gain access to the kingdom

Microsoft credentials are synonymous with being ‘the keys to the kingdom’, giving cybercriminals the power to move laterally across systems and networks to exfiltrate data and access email accounts to target customers and suppliers with further attacks.

Findings from the report show that account takeover attacks (ATOs) are a significant concern for Cybersecurity leaders as 58% of organizations experienced account takeover incidents. Of these:

  • 79% began with a phishing email harvesting an employee’s credentials
  • 83% saw multi-factor authentication bypassed before proceeding with the account takeover

Additionally, over half (51%) of organizations fell victim to phishing attacks sent from compromised accounts within their supply chain in the last 12 months. Utilizing a trusted domain helps attacks get through traditional perimeter defenses, and people are less suspicious of emails sent from addresses they recognize. Cybersecurity leaders are well aware of their vulnerability, with supply chain compromise and ATO their top sources of stress.

Cybersecurity leaders question the value of their SEGs

Many of the email security features Microsoft 365 offers overlap with the functionality available in secure email gateways (SEGs), leaving organizations to question their tech stack. Of those who use a SEG, 91% expressed frustration with it, and 87% are considering replacing their SEG or have already done so. As organizations adopt native controls in favor of SEGs, they are still left vulnerable to the advanced phishing attacks that can bypass signature-based and reputation-based detection, as well as to employees’ behaviors that lead to outbound incidents, such as human error.

Combining Microsoft’s controls and integrated cloud email security (ICES) solutions covers the full spectrum of inbound and outbound email security incidents, so it’s little surprise that a large portion of organizations are weighing up their options.

Training is considered a checkbox requirement

According to the findings from the report, email security risks remain a top concern for organizations with 94% having experienced security incidents over the past year. Despite this, according to the majority of respondents, training is provided only to meet compliance requirements with 88% acknowledging that they are doing SAT for compliance purposes.

If training is engaging, in bite-size modules and relevant to the employee’s tasks, it should be an enriching activity with real-time teachable moments throughout their workday, but Cybersecurity leaders are currently worried that employees skip through training as quickly as possible and that they find training annoying.

With this in mind, it is no wonder that 91% of Cybersecurity leaders have doubts about the effectiveness of traditional training, and training tailored to teams or individuals is still uncommon:

  • Only 19% of organizations deliver SAT that reflects on the department or team that employees work in
  • Just 9% of organizations tailor training to the individual employee.

The ramifications of this are significant for both employees and their organizations as quality learning can turn a company’s biggest risk into one of their strongest defences – their people.

For more information or to access the full report, please visit https://pages.egress.com/whitepaper-email-risk-report-01-24.html and https://www.egress.com/blog/company-news/stats-from-the-email-security-risk-report

Egress experts share predictions for cybersecurity in 2024

2023 has been a ground-breaking year for cybersecurity advancements and attacks, with new developments making headlines globally.

Experts from threat intelligence, product management, and customer services at Egress share their predictions for what’s to come in 2024 in this dynamic landscape.


Steve Malone, VP of Product Management:

Two pints please. That will be £25,000.

“QR codes took off as the pandemic swept the globe, but I predict that QR codes will disappear from pub and restaurant tables as more people scan and get scammed.

“As with any convenience tool, attackers have already started to use QR codes in phishing campaigns to evade traditional defenses. But walk into any bar and you’ll find a QR code on the table – what better way to harvest credit card details than through using a fake QR code!”

Rise of the machines

“AI, one of the venerable buzzword acronyms beloved by technology vendors, has finally come into the spotlight. With more and more technology products offering a “co-pilot” AI assistant, I expect that poisoning or take-over of AI tools will lead to breach, compromise and manipulation of users.

“In fact, AI has already wormed its way into CISOs’ brains; our 2023 Email Risk Report showed 72% of cybersecurity leaders are worried about the use of chatbots to improve phishing attacks. For 2024, it’s bound to be a prominent force.”

Email is dead! Long live email!

“Collaboration tools such as Teams and Slack are now gaining ground in corporate communications, driven mainly by the ability to communicate externally.

“However, as more corporate communication moves to these platforms, organizations will see more issues relating to communication style and tone. For the most part, email is used with a business tone, and most users now understand that they’re “doing business” when they send business email.

“Cut to a Teams or Slack chat though and style becomes colloquial, immediate, abbreviated and in many cases, not business appropriate.

“Email will remain the medium of choice for business communication in industries where regulation and control is key. I predict that collaboration will over-run the rest of the world and the floodgates of socially-engineered attacks will migrate from email to collaboration.”


Sudeep Venkatesh, Chief Customer Officer:

More interoperability and fewer silos

“The cybersecurity space has thousands of software vendors that solve specific problems with point solutions. Our customers are faced with the problem of owning dozens of solutions that do not talk to each other and this leads to management overheads and loss of productivity.

“My first prediction for 2024 is that customers will demand greater interoperability between their cybersecurity vendors which will help them enhance their security postures and reduce costs.”

Faster and more efficient time to value

“A customer’s buyer’s remorse is strongest when they have just signed a software contract and move into the implementation phase. This opens up a phenomenal opportunity for software vendors to offer a smooth deployment and get the customer realizing value in their investment ASAP.

“The trust built in the implementation phase is often rewarded with strong advocates and long-term loyalty. On the contrary, the seeds of almost all churn are sown during deployment!”

Obsessing with showing value

“The clock in Software As a Service (SaaS) is always ticking!

“Customers make significant investments in cybersecurity software to protect against ever evolving threats. Along with providing customers with the best protection possible, vendors need to obsess about showing value to customers. Every interaction with a customer including high touch QBRs, digital communications and analytics portals needs to focus on how you are better improving their security posture. Otherwise, customers battling cyber threats on multiple fronts will quickly move onto other priorities.”


Jack Chapman, VP of Threat Intelligence

Faster, harder and more targeted

“Moving from 2023 to 2024, a key trend is automation behind cyberattacks and more importantly how attackers can combine and automate across multiple steps of the traditional kill chain. This unfortunately will continue to expand; I expect it will go as far as automatically creating or selecting templated phishing attacks tailored to a user’s OSINT information, sending the attack, requesting and validating the MFA and validating the compromise to perform follow-up attacks.

“The reduction in attacker participation allows for more sophisticated targeted attacks, without the threat actor spending time, money or effort, and ultimately raising the average bar of successful attacks.”

Security of AI coming to the forefront

“We often talk about attackers weaponizing the use of AI, which is certainly coming! Whether it be utilizing LLMs or automating the generation of A/B testing specific features within phishing emails and broader cyber-attacks. However, an area which is often overlooked is targeting the AI systems which are in place to protect organizations themselves.

“Although these systems are an asset to improve the technology controls protecting organizations, attackers have realized the opportunity here. Why combat the technology if you can teach it that all of your attacks are “safe”?!

“This is an evolution from obfuscation-based attacks which target the technology directly; now attackers can target the technology and the machine learning behind it.”

New barrage of supply chain threats

“Over the past few years, we have seen the evolution of attackers utilizing compromised business accounts to target new and unexpecting victims, effectively bypassing authentication and trust-based protection systems.

“In 2024 I predict that this will follow on to the next effective method at a new scale and challenge, using the compromised accounts of those who are already known to an organization and its users. At Egress, we have already seen a sharp rise in the latter half of 2023, but it’s expected to grow drastically in 2024.

“For a threat actor, this has so many appealing features: a ready-made list of potential targets, far higher success rates than your run-of-the-mill compromised attack, and an easier path into more secure but appealing organizations which may be too tough to target directly. This is going to be a big trend for 2024.”


James Dyer, Threat Intelligence Lead:

Multi-channel attacks on the rise

“Cyberattacks are becoming increasingly sophisticated, but they’re also utilizing multiple channels to attempt to add legitimacy. Victims may receive a QR code in an email, and then a follow-up SMS text, replicating multi-channel methods seen commonly in marketing, and even multi-factor authentication.

“In 2024, I can only see this trend growing. And with messaging apps like WhatsApp and Signal having less security systems than email, I predict more channels will be targeted.”

AI becomes a threat actor’s best friend

“We’re seeing more and more advanced phishing attacks, with increasingly detailed and accurate information that is harvested with the help of AI. Cybercriminals will be using open-source intelligence (OSINT) to create plausible backstories by scraping social media profiles in less than a second, or asking ChatGPT to write the most persuasive messages, and even utilize AI software to help create payloads and speed up delivery.

“As AI is added to a threat actor’s arsenal, I hope 2024 brings more governance around these tools and the ethical use of AI software.”

AI systems targeted creatively

“As AI advances, threat actors are becoming creative with their attacks to make it tough for Natural Language Processing (NLP) and linguistic checks to locate malicious wording within emails. I predict that we’ll see more invisible characters, lookalike characters and use of images to avoid scannable words which NLP would traditionally pick up.

“Along a similar vein, we’ll probably see a spike in password-restricted payloads where the payload is hidden initially as well as more attacks coming through encrypted emails which security solutions cannot scan.”
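A defender-side check for the evasion tricks named in the prediction above (invisible characters, lookalike characters from other scripts, and compatibility glyphs that fold back to plain letters): this is an added Python example, not code from Egress or the report, and the sample message, keyword list and function names are constructed for illustration.

```python
import unicodedata
from typing import Dict, List

# Zero-width and similar code points that render as nothing but split a keyword
# such as "password" so a naive substring match no longer sees it.
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}

# Constructed sample: a zero-width space inside "password" and a Cyrillic
# small letter a (U+0430) standing in for the Latin "a" in the domain.
SAMPLE = "Please verify your pass\u200bword at p\u0430ypal.com"


def _is_invisible(ch: str) -> bool:
    # Category Cf covers the Unicode "format" characters (zero-width joiners etc.).
    return ch in INVISIBLE or unicodedata.category(ch) == "Cf"


def find_invisible(text: str) -> List[int]:
    """Offsets of invisible/format characters hidden inside the text."""
    return [i for i, ch in enumerate(text) if _is_invisible(ch)]


def script_of(ch: str) -> str:
    """Rough script bucket taken from the Unicode name, e.g. 'LATIN', 'CYRILLIC'."""
    if not ch.isalpha():
        return ""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def mixed_script_words(text: str) -> List[str]:
    """Whitespace-separated tokens that mix Latin letters with another script.

    Legitimate text rarely does this inside one word; homoglyph lookalikes
    ("pаypal" with a Cyrillic а) do it by construction.
    """
    flagged = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        scripts.discard("")
        if "LATIN" in scripts and len(scripts) > 1:
            flagged.append(word)
    return flagged


def fold_for_matching(text: str) -> str:
    """Drop invisible characters, then NFKC-normalise and casefold.

    NFKC maps fullwidth/compatibility glyphs (e.g. 'ｐａｓｓ') back to ASCII, so
    keyword checks run on what the reader actually perceives.
    """
    cleaned = "".join(ch for ch in text if not _is_invisible(ch))
    return unicodedata.normalize("NFKC", cleaned).casefold()


def analyze(text: str, keywords=("password", "invoice", "verify")) -> Dict:
    """Combine the three checks into one verdict for a subject line or body."""
    folded = fold_for_matching(text)
    invisible = find_invisible(text)
    mixed = mixed_script_words(text)
    return {
        "invisible_offsets": invisible,
        "mixed_script_words": mixed,
        "keywords_after_fold": [k for k in keywords if k in folded],
        "suspicious": bool(invisible) or bool(mixed),
    }
```

Running `analyze(SAMPLE)` reports the zero-width space at offset 23, flags the mixed-script domain, and still finds "password" and "verify" once the text is folded, which is the point: match on the normalised text, and treat the presence of invisible or mixed-script characters as a signal in its own right.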


About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value. Trusted by the world’s biggest brands, Egress is private equity backed with offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto.

Cybersecurity Experts Share Signs Which Might Indicate a Phishing Attack on Your Business

According to recent studies, 4 out of 10 UK businesses reported suffering a cybersecurity breach in 2021, and the average (mean) cost of each attack is estimated at £13,400. With these stats in mind, Gildas Jones, founder of Dial A Geek, discusses the most common cybersecurity threats to businesses, as well as highlighting the scams that are rising in prevalence.

The most common cybersecurity breaches include password breaches and phishing attempts (including the use of malware). Phishing is social engineering that manipulates users into revealing personal and confidential information, and recently there have been huge increases in these attacks (now the most “effective” threat). A few examples of phishing red flags include:

  • Random emails from people you don’t know
  • Emails asking you to send payments to a new bank account
  • Emails asking you to change your password without you resetting it
  • Emails asking you to sign in to profiles

The use of malware – an umbrella term including viruses, trojans, worms, ransomware, and spyware – is also an issue within phishing. An example of a malware red flag includes receiving suspicious emails with email attachments – this can also be an issue when downloading files from suspicious websites, or when using outdated computer systems.

With these threats in mind, Gildas also shared 10 key tips on keeping your business’ online profiles safe from predators. These include:

  1. Setting robust passwords
  2. Using password managers
  3. Using multifactor authentication (MFA)
  4. Using antivirus software
  5. Staff training
  6. Using firewalls
  7. Having access control (and conditional access control)
  8. Limiting the number of Administrator-level accounts
  9. Implementing single sign on (SSO)
  10. Running necessary updates

Gildas Jones, founder of Dial A Geek, commented:

“Recent years have started, or accelerated, some key trends in business world-wide, and there are five trends we’re seeing now that we believe will be ongoing features of the workplace of the future… These include digital transformation, social and environmental responsibility, cyber security, remote working, and productivity.

According to recent studies, only 15% of users know how to protect themselves from cybercrime. With this shocking stat in mind, we wanted to give some actionable advice to businesses on how to keep their online profiles safe from predators.

“At Dial A Geek our mission is to help businesses grow with our Managed Services – if you have 10 or more employees and need a trusted partner to manage your IT systems, protect your data, assist you in compliance, and help you grow your business, contact us today.”

For more information on the full advice, visit: https://www.dialageek.co.uk/blog/common-cybersecurity-scams-the-red-flags-to-look-out-for/