Email and ransomware attacks dominated the cybercrime space last year
>
Despite being one of the oldest tricks in the book, email attacks still remain one of the most popular and most efficient forms of cybercrime, new research has found.
The latest edition of Proofpoint’s annual “State of the Phish” report also found that ransomware, a devastating form of malware that has yet to gain popularity, is hot on the heels of these attacks.
Based on the company’s telemetry (more than 18 million end-user reported emails; 135 million simulated phishing attacks in a year), as well as a survey of 7,500 employees and 1,050 security professionals worldwide, the report found nearly the half (44%) of employees would trust an email with “trusted branding”, while nearly two-thirds (63%) think an email address will always match the matching website or brand.
Business email compromise
Knowing this, it’s no wonder three-quarters of the global companies surveyed reported a Business Email Compromise (BEC) attack last year. Typically, the attackers go after English-speaking companies, but non-English companies are also starting to see more attacks, the researchers said.
Ransomware is also a major threat, the paper says. Worldwide, more than three-quarters (76%) experienced such an attack last year, of which two-thirds (64%) actually fell victim. About half (52%) regained access to their data after paying the ransom.
Perhaps the report’s most surprising finding is that even today, basic cyber threats are not well understood. Many of the survey respondents were unable to properly define malware, phishing, or ransomware. In addition, only about half (56%) of global companies with a security awareness program train their staff on cybersecurity best practices, and only a third (35%) conduct phishing simulations.
This lack of awareness is also the weakest link in the cybersecurity chain, say experts.
“Employees’ lack of awareness and lax security behavior pose significant risk to organizations and their data,” said Adenike Cosgrove, VP, Cybersecurity Strategy, EMEA Proofpoint. “As email continues to be the attack method of choice for cybercriminals and they expand into techniques that are much less familiar to employees, it is clearly valuable to build a security culture that spans the entire organization.”