2020 has seen the acceleration of cloud migration and, with it, a change in the tactics of cybersecurity attacks. Top Business Tech takes a closer look at Proofpoint’s report Reimagining Email Security to discover how these attacks have shifted.
According to Statista, over 102.6 trillion emails are sent each year. Even with the rise of several new communication platforms, email remains at the heart of communication and cybersecurity risk. In Proofpoint’s report Reimagining Email Security, over 90% of cyberattacks begin with email.
The current state of business email
As we have seen across all industries, the outbreak of the coronavirus pandemic has accelerated a shift from office to remote work. This shift has accelerated the adoption of cloud technologies. With 71% of companies using the cloud or hybrid cloud email, the number of malicious messages sent in 2020 has skyrocketed. Attackers sent almost 60 million emails hosted via Microsoft Office 365 and sent just under 90 million via Google in 2020. Compromising cloud accounts enables attackers to access emails, contacts, calendars, and key information with much more ease than attacking infrastructures. The reason for this is that it is easier to compromise a user than an organisation’s infrastructure.
Security challenges posed by cloud migration
In addition to the threats posed by the use of cloud services, the last year has also seen a considerable uptake in the use of email on mobile devices. The adoption of mobile devices poses new challenges for organisations looking to defend their networks, as mobile lacks user reinforcement. For example, IT leaders cannot install reporting options on mobile devices, which prevents the ability to warn other users of malicious emails seamlessly. These new threats emphasise the need for email and cloud protection more than ever.
Email threats businesses need to protect against
Three key threats stand to damage businesses in 2021:
– Business Email Compromise (BEC)
In 2020, over 60% of businesses experienced a ransomware attack. Similar to this, according to Proofpoint’s “2020 State of the Phish Report”, 57% of organisations experienced a successful phishing attack in 2020. This number of attacks is over double the reported attacks from 2019.
People are the key to protection
As individuals are the easiest point of access to an organisation’s data, it stands to reason that the key to protection is people. Attackers understand that humans are more fallible to compromise as they often struggle to differentiate a harmful email from a trusted one.
- The future of work: driving employee engagement in a hybrid working landscape
- How Wi-Fi6 will optimise hybrid working
- Which European countries have the best and worst cybersecurity?
- McAfee: How to make telehealth safer for a more convenient life online
Proofpoint’s The Human Factor Report confirms that over 99% of today’s cyberattacks are human-activated. To mitigate against this, Proofpoint emphasises the need to know who an organisation’s Very Attacked People (VAP) are, how they are targeted, and who are vulnerable to such threats. In addition, organisations need to focus on protecting four points of access: Email, Cloud, Users and Suppliers. The most efficient solution to defend against these threats is to implement an integrated threat protection platform.