Security measures fail to keep up with rising email attacks

Organizations must reassess their email security posture as incidents continue to escalate, leading to financial losses.

Key findings reveal a significant increase in email attacks, with many successfully bypassing standard security protocols and targeting vulnerable sectors. Business email compromise, phishing, and sophisticated social engineering tactics continue to evolve, exploiting gaps in security measures.

Email attacks skyrocket 293%

Acronis | Acronis H1 2024 Cyberthreats Report | August 2024

• Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023.
• The rise in email volume coincided with a 47% increase in email attacks targeting organizations.

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals

Darktrace | First 6: Half-Year Threat Report 2024 | August 2024

• Researchers detected 17.8 million phishing emails across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62% of these emails successfully bypassed Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification checks which are industry protocols designed to protect email domains from unauthorized use, and 56% passed through all existing security layers.

Cybercriminals exploit file sharing services to advance phishing attacks

Abnormal Security | H2 2024 Threat Report | August 2024

• Business email compromise (BEC) attacks grew by more than 50% over the last year, with attacks on smaller organizations jumping nearly 60% in the last half.
• Construction and engineering firms, as well as retailers and consumer goods manufacturers, were most vulnerable to vendor email compromise (VEC) attacks, with 70% of organizations receiving at least one VEC attack in the first half of the year.

56% of cyber insurance claims originate in the email inbox

Coalition | 2024 Cyber Claims Report | April 2024

• 56% of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), highlighting the importance of email security as a critical aspect of cyber risk management.

Secure email gateways struggle to keep pace with sophisticated phishing campaigns

Cofense | 2024 Annual State of Email Security Report | February 2024

• In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%.
• The report highlights that email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees.
• Healthcare and finance remained the top targeted industries – Increases in malicious emails bypassing SEGs in those industries at 84.5% and 118%, respectively.

Clean links and sophisticated scams mark new era in email attacks

VIPRE Security | Email Security in 2024: An Expert Look at Email-Based Threats | February 2024

• Analysis of 7 billion emails shows clean links are duping users, malicious EML attachments increased 10-fold in Q4, and social engineering attacks are at all-time highs.
• When it comes to phishing, 71% of emails are still using links as their primary bait. Attachments show up in 22% of cases, and the remaining 7% are attributed to embedded QR codes or quishing.

Understanding employees’ motivations behind risky actions

Proofpoint | State of the Phish Report | February 2024

• Fewer organizations reported email fraud attempts globally, but attack volume grew in countries such as Japan (35% year-over-year increase), South Korea (+31%), and UAE (+29%).
• Proofpoint detects an average of 66 million targeted BEC attacks every month.

Organizations need to switch gears in their approach to email security

Egress | Email Security Risk Report | January 2024

• Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months.
• Leaders are taking a tough stance with employees caught by phishing attacks with negative outcomes for the people involved happening in 74% of companies.
• In outbound email incidents, 67% of people were disciplined, let go, or chose to leave the organization. Employees being disciplined was the most common outcome, seen in 51% of organizations.