Abnormal Security released its
H1 2023 Email Threat Report,
which examines recent developments in the email threat environment and
focuses on the growing risk employees pose to an organization's
cybersecurity.
The latest Abnormal research found that between July-December 2022, the median open rate for text-based business email compromise (BEC)
attacks was nearly 28%. Additionally, of the malicious emails that were
read, an average of 15% were replied to. And while less than one
percent of recipients engaged with more than one attack, 36% of replies
were initiated by employees who had previously engaged with an earlier
attack.
When it comes to email attacks, the odds are stacked against your
workforce-and this new data shows just how much. Threat actors are
increasingly taking advantage of social engineering tactics
to encourage employees to open malicious emails and fulfill requests
like providing login credentials, updating bank account information, and
paying fraudulent invoices.
"The same techniques that have been used for thousands of years to con
people are the same tactics that are used today for email attacks. The
only difference is that criminals are using a computer to do it," says
Crane Hassold, director of threat intelligence at Abnormal Security.
"Human beings are relatively easy to manipulate, and employers'
expectations regarding the ability of the average employee to identify
these modern attacks are far too high. It is much safer to prevent a
threat from reaching an employee's inbox than to rely on them to try to
detect these sophisticated attacks on their own."
Utilizing internal data aggregated over the prior six months, Abnormal's
H1 2023 Email Threat Report also explored the steady rise of business
email compromise and the continued popularity of supply chain compromise
as an attack strategy. Over the past two halves, BEC attack volume grew
by more than 81%, and over the past two years, it increased by 175%.
Additional findings from the report include:
-
Only 2.1% of known attacks are reported to the security team by
employees, and 84% of employee reports to phishing mailboxes are either
safe emails or graymail.
-
Employees in entry-level sales roles with titles like Sales Associate
and Sales Specialist read and reply to text-based BEC attacks 78% of the
time.
-
Between the first and second half of 2022, BEC attacks targeting SMB organizations grew by 147%.
-
Nearly two-thirds of large enterprises experienced a supply chain compromise attack in the second half of 2022.
"Email is undeniably the most common channel for asynchronous
communication. And as our collective dependence on email has increased
over the past two years, its popularity as an attack vector has also
grown," said Mike Britton, chief information security officer at
Abnormal Security. "One of the biggest challenges with email attacks is
that your employees have to be correct every time whereas threat actors
only have to be successful once. While educating employees about
potential threats can certainly help reduce the risk of them engaging
with a malicious email, the most effective way to prevent attacks is by
investing in an email security solution that ensures threats are never
delivered in the first place."
As cybercriminals continue to see success, email threats will only
increase in volume and sophistication. To stay one step ahead, modern
enterprises need a cloud email security solution
that proactively blocks attacks before they reach employee inboxes.
Abnormal baselines known-good behavior across your workforce and
vendors, and then detects and remediates malicious emails in
milliseconds to prevent end-user engagement. By pairing advanced
behavioral science with risk-adaptive detection, Abnormal stops the full
spectrum of email attacks and eliminates opportunities for employees to
make a catastrophic mistake.
For more information about these trends and to download the full report, please visit: https://abnormalsecurity.com/h1-2023-report.