Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
The report that captures the true state of email security in 2022, brought to you by Tessian. Check out the research report.
The report that captures the true state of email security in 2022, brought to you by Tessian. Read on to discover the latest trends and key findings related to advanced threats and data loss on email in the modern day enterprise.
In addition to financial losses and breaches of customer data, 71% of security leaders experienced credential or account compromise a.k.a Account Takeover as a result of a successful advanced email attack in 2022.
When a threat actor acquires legitimate login credentials, they can use those credentials to send more attacks, posing as the individual they’ve successfully manipulated in attempts to steal money or sensitive information. It is incredibly difficult for the recipient of the malicious impersonation email to determine whether they are receiving an email from a cybercriminal or their trusted connection.
Despite having a rule-based email security solution in place, in the form of a Secure Email Gateway (SEG) or native security from a cloud provider like Microsoft or Google, IT and security leaders found that advanced email threats continued to reach end-user inboxes.
In fact, over six in 10 security leaders (62%) whose organizations have a SEG in place said advanced email threats bypassed those defenses in 2022.
Why? Read more here: Why Legacy Secure Email Gateways Are No Match for Today’s Cyber Threats
When asked who was being impersonated in the email attacks, over a third of IT and security leaders (37%) said threat actors posed as employees in attempts to trick end-users in their organization. This was closely followed by a vendor (32%) and a C-level executive (31%).
On average, companies with over 1,000 workers received twice as many spear phishing and email impersonation attacks than companies with 100-250 employees, and 3x more than companies with under 100 employees.
Smaller companies – those with under 250 employees – were most likely to receive email attacks from threat actors impersonating board members and investors. This reflects how cybercriminals tailor their scams to make them more believable, given that most companies of this size will be start-ups. In larger organizations, users were more likely to receive impersonation emails from threat actors pretending to be employees or company vendors.
Email threats coming into the inbox aren’t the only threat that IT and security leaders have to deal with; emails being sent by users also pose risk to data and company security.
Nearly two-thirds of security leaders (63%) said that their staff exfiltrated data over email in 2022, while 92% of companies experienced a data breach caused by an end-user making a mistake on email – such as sending an email to the wrong person or failing to send the correct attachment.
What’s more, nearly one in five companies (16%) dealt with over 50 data breaches caused by users’ errors on email in 2022 alone.
Nearly every respondent (99.5%) recognized that AI and machine learning can enhance and improve their email security. The number one benefit cited by IT and security leaders were faster threat detection (66%), closely followed by more accurate threat detection (56%).
44% of respondents also noted that automated approaches to email security could alleviate administrative burdens on their already stretched security teams.
Despite recognizing the benefits of adopting machine-intelligent technology to protect against email threats, just under half of the respondents (45%) say they are using a next-generation email security solution that leverages AI or machine learning.
As more and more companies move to the cloud, and more users become reliant on digital channels to share data with customers, colleagues and vendors, the threat of data loss on email increases.
What’s more, there is no doubt that impersonation and social engineering attacks will persist and continue to evolve. Using intelligent solutions to understand and influence people’s behaviors on channels like email must be at the core of security solutions if businesses are to tackle this ever-evolving threat.
