The findings of Cisco’s Threat Report and CISO Benchmark Study reveal a marked increase in email security threats and highlight the importance of investing in email security to make it harder for cybercriminals to succeed.
Spam is nothing new, as the first reports of spam email occurred in 1978, but over the years spam email volume has been increasing. Today, spam accounts for between 45% and 50% of all emails sent, and while many of those messages are fairly benign, a large percentage are not. They contain serious threats such as malware and ransomware downloaders and attempts to obtain sensitive information such as login credentials. Today, email is the number one vector used to attack businesses, obtain sensitive information and spread malware and ransomware. The number of threats continues to rise.
Brand impersonation is common in email scams. Cisco notes that two of the most commonly impersonated brands in phishing attacks on businesses are Google and Microsoft due to the high prevalence of their products – G-Suite and Office 365 – in business environments. That means there is a high probability of a phishing email landing in the inbox of an employee of a company that uses either of those solutions.
According to Cisco’s research, CISOs are well aware of the seriousness of the threat from phishing. 56% of CISOs say email is their primary security concern, even more so than mobile devices connecting to their networks and the cloud, both of which are well known security risks.
Given the rise in email threats, it is interesting that Cisco’s research indicates email security systems are actually in decline. Cisco attributes this to the growing reliance on the cloud and the mistaken belief that the cloud is, at base level, relatively secure. While the cloud can be more secure, at the default level cloud security only offers a single layer of protection, when multi-layered defenses are now required. Regardless of where infrastructure and data are housed – on-premises, in the cloud, or a combination of the two – multi-layered security is essential.
The Cisco report sounds the alarm and warns businesses to ensure they have multi-layered security defenses in place, which should include email security solutions, multi-factor authentication, phishing training, phishing simulations, dual signature protocol for all financial transactions, and verification of authenticity at the very least. Rely on single-tier cloud security and your business is likely to become just another data breach statistic.