Almost Three-Quarters of Cyberattacks Have Something in Common: Phishing

August 26, 2022

What component appears in the vast majority of damaging cyberattacks? If you said phishing, you’re right. According to the analysis presented in the 2022 Unit 42 Incident Response Report, an estimated three-quarters of the cyberattacks that they observed on businesses in the last 12 months were phishing-based scenarios. The two most punishing attacks that businesses have faced this year are business email compromise (BEC) and ransomware. Ransomware is the culprit for over one-third (36%) of business cyberattacks, followed by BEC in second place with another third of the cyberattacks (34%) analyzed in this report. Add that up and it’s easy to see that phishing is a dangerous enemy for businesses.  

Explore today’s biggest threats & what’s next in The State of Email Security 2022 GET IT>>

Phishing is taking a bite out of everyone’s bottom line 

Phishing is the biggest cyber threat that businesses face today. In a 2021 survey, 75% of IT managers said that their companies had been successfully phished in the last year. It’s also the threat that employees encounter the most at work, with massive waves of phishing messages headed for businesses every day. An estimated 1 million phishing messages circulated in Q1 2022, setting a new record. That flood of phishing messages is a flood of danger, and every phishing message that makes its way to an employee’s inbox represents a threat to a company’s security. Unfortunately, employees are also notoriously bad at spotting complex phishing threats, creating a dangerous cycle that starts each time an employee receives a phishing message. 

To add to the misery, phishing has grown even more expensive for companies to maneuver through than it has been in previous years as attacks increase in severity and complexity. The financial impact of phishing attacks on large businesses is rapidly growing with no end in sight, quadrupling since 2015. The average cost of handling the results of phishing attack attempts and successes has skyrocketed, weighing in at an estimated $14.8 million per year for major U.S. companies in 2021, compared with $3.8 million in 2015. That figure will only rise over time.    

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

5 phishing-related cyberattacks that could have been prevented by better email security 

Strong email security is the key to presenting a strong defense against phishing-based cyberattacks, like these five recent phishing-based cyberattacks that could have been prevented. About 95% of attacks on business networks are the result of phishing messages that snag an unwary employee.

  • In April 2022, Acorn Financial Services discovered unusual activity within an employee email account that ultimately led to uncovering a data breach. Acorn says that the incident was kicked off by an employee falling for a phishing email. The company acted to secure the employee’s email account but that didn’t stop the bad actors from getting their hands on the data anyway.
  • In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates. The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.   
  • North Carolina-based Atrium Health announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health At Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is still investigating whether the unauthorized user accessed the protected health information in the accounts, but if they did, that’s going to cost a fortune. The penalties for HIPAA noncompliance can range from $100 to $50,000 per individual violation, with a max penalty of $1.5 million per calendar year for violations.
  • Spirit Super has announced an employee falling for a phishing message as the cause of a cyberattack that has led to data exposure for an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added. However, bad actors still scored a major data haul.  
  • Online NFT marketplace OpenSea was embroiled in controversy after a cyberattack cost investors their NFT. A phishing attack perpetrated on the platform’s users is purportedly to blame for the incident that left more than 30 of its users unable to access their NFTs. Reports say that the attacker has made somewhere between $1.7 and 2 million in Ethereum from selling some of the stolen NFTs. An estimated 254 tokens were stolen over three hours. 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

API-based email security is the answer 

Less than 50% of IT leaders in a study by Osterman Research felt that their organization was using an effective email security solution. That’s a disaster waiting to happen in an era where the worst cyber threats companies face typically arrive attached to an email phishing message. Smart companies are turning to application program interface (API)-based email security to get the job done. Plus, cloud-native API email security is designed to quickly and smoothly detect and mitigate threats without delaying communications. API email security also gives techs more insight over and control of the protection an organization is actually receiving in today’s cloud-based business environment. Take a look at the advantages that companies gain from choosing API email security over a Secure Email Gateway (SEG) or Native security in Microsoft 365 or Google Workspace. 

Cloud-native architecture
Doesn’t slow down communications 
Quick Detection of new & zero-day threats
Highly accurate in spotting sophisticated phishing messages 
Fast deployment and integration
Minimal maintenance  
Automation options
AI capability

See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>

Graphus is the perfect choice to stop phishing immediately 

Graphus’ AI-powered email security is a powerful defense against phishing threats like these. Compared to built-in email protection or an SEG, automated, API-based email security solutions like Graphus prevent 40% more spear phishing messages from reaching an employee’s inbox. Here’s how:   

  • TrustGraph is a powerful shield between employee inboxes and malicious messages. This proprietary technology uses more than 50 distinct data points to discover sophisticated phishing messages, even zero-day attacks.    
  • EmployeeShield displays a bright, prominent box on suspicious messages, reminding them to be cautious. Employees can designate a message as genuine or malicious with a single click.    
  • Phish911 makes it simple for employees to report any message that they don’t think is safe. When an employee reports a potentially malicious email, the message is immediately removed from everyone’s inboxes.     

Learn more about Graphus

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus