Why are emails still the number one target for cyberattacks

Email is dangerous because it is one of the most common methods for hackers to attack businesses, yet we continue to use it anyway. In its 2018 Internet Security Threat Report, Symantec revealed that 54.6% of all email is spam. It also revealed that the average user gets 16 malicious spam emails every month; that’s 192 spam emails a year for every employee. For a small company, that means receiving thousands of spam yearly. According to the same report, 92.4% of those contain malware.

In fact, 1 in every 100 emails is a malicious attempt to commit some form of cybercrime, whether that’s to deliver malware, conduct spear phishing, commit fraud, or more. It takes just one email to get through and one employee to click an attachment or give away personal information to put a company at risk or even bring it to its knees.

Ninety percent of attacks via email are social engineering or phishing. Phishing and its cousin, spearphishing, involve using phony emails and capitalize on the carelessness of users. Criminals impersonate legitimate sources, such as a CEO or financial institutions, to commit crimes like identity theft and data breaches.

The FBI reported in 2019 that deliberate attacks on business email have cost organizations over $12 billion in the last five years. That’s a lot of profit for hackers.

Email is not going away. It’s still the primary way for people and businesses communicate. But what makes email so vulnerable to attacks?

Education is no match for human error

With human error identified as a major cause of vulnerability, security awareness training has become a fundamental requirement for any business. At the end of the day, people make mistakes, in spite of their education in email security best practices and red flags. The Locky ransomware is a good example of an unsophisticated and blatantly obvious attack that nevertheless succeeded. The malware was delivered in a blank email message, and yet people still chose to click on the malware attachment.

Related article: Spectrumwise’s Ultimate Guide to Email Security

People use their consumer emails for business

Employees continue to use their personal inboxes for business communication. Using them for work leaves vital company information vulnerable to theft. Unbeknownst to most users, consumer email services hardly if at all have any defenses. Apparently, security is not a priority with consumer email services.

It’s still very easy to spoof names and addresses

Anyone can claim to be someone else by spoofing their names and addresses. That is still enough to fool the average person into thinking that their boss sent them an email and clicking on the attached malware.

Tactics continue to evolve

Email phishing and spam are ongoing problems because their content and tactics change all the time. Hackers and opportunistic spammers quickly alter their approaches as soon as the security industry develops a defense against their attacks like a never-ending cat-and-mouse game.

Professional hackers offer phishing services

The growth of the security industry has also seen the parallel and even exponential growth of the hacking industry. Underground marketplaces like the dark web are not only a place to buy and sell hacked data, but also to contract expert services dedicated to putting email at risk. Dark web sellers, for instance, offer to hack into corporate email accounts for as little as $150. Sometimes, buyers of these services will offer hackers a percentage of the profits made from an email-delivered attack.

Corporate emails are too tempting

Some emails don’t even need to be hacked. Digital Shadows, a security company, discovered an entire company email inbox of over 12 million archived files ripe for the picking due to a misconfiguration. The files included confidential and sensitive data in the form of 27,000 invoices, 7,000 purchase orders, and 21,000 payment records.

To secure your email, you need all the help you can get. Keep your inboxes safe with a multilayered approach using multifactor authentication, spam protection, password management, cloud-based firewall protection, security awareness training, and proactive monitoring. Spectrumwise is a managed services provider that takes a hands-on approach to secure all your communication and IT systems at a cost-efficient rate. Partner with us today.

Unsure about how to secure your business email? Read our comprehensive blog, Spectrumwise’s Ultimate Guide to Email Security and eliminate your fears of costly security breaches.


Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.