Businesses are under siege from a barrage of phishing emails daily, and that pressure is only growing. At the same time, cybercriminals are constantly stepping up their game to bypass many traditional email security measures and lure their targets in with sophisticated, hard-to-detect messages, resulting in significant email security challenges for businesses. Bad actors are increasingly turning to social engineering techniques to fool their targets, like masquerading as a trusted contact or impersonating well-known brands. As the cybercriminal playbook evolves, IT professionals have to evolve their own playbooks to contend with a rapidly-shifting threat landscape.
Excerpted in part from the eBook The State of Email Security 2022.
Phishing is The Root of Many Risks
Fortunately for IT professionals, most of today’s nastiest cyber threats have something in common — they often start with a phishing email. That’s why it is mission-critical for organizations to keep an eye on the risk landscape and implement strong email security to ensure that they’re ready for today’s threats. Stopping phishing equals stopping dangerous threats and reducing cyberattack risk. These 2021 trends underpin the business email security picture right now and lay the foundation for future challenges that organizations will face.
The Threats Detected in Email Analyzed by TrustGraph® in 2021
Graphus’ proprietary technology, TrustGraph, thoroughly analyzes the content of every incoming email an organization protected with the solution receives. Phishing messages are detected and subsequently quarantined.
- General phishing 55.5%
- Malicious attachments 18.20%
- Business email compromise (BEC) 13.48%
- Executive spoofing 11.88%
- Other 1.04%
The Trends That Influence Today’s Phishing Landscape
These quick looks at the drivers of risk today can help illuminate tomorrow’s threats.
Phishing-related cyberattacks and losses have boomed
Phishing-related cybercrime surged in 2021, and that tide doesn’t look like it will be lowering anytime soon.
- Business email compromise losses increased 28%
- Ransomware attacks and losses grew by over 50%
- Social media-related phishing attacks grew by more than 80%
- Brand impersonation and spoofing was 15 times higher in 2021 than in 2020
- Total cybercrime losses increased by almost 50%
Phishing paved the way for other damaging cyberattacks
Phishing is a gateway to disaster for businesses. Unfortunately, it’s a gate they’re not defending very well, giving cybercriminals golden opportunities to strike.
- An estimated 84% of businesses were the victims of a successful phishing attack.
- About 59% of organizations that fell victim to a phishing attack were then infected with ransomware.
- Just over 40% of network intrusions were facilitated by phishing.
High Email & Phishing Volume Have Created Security Stress
In 2021, 319.6 billion email messages were sent — up from 306.4 billion in 2020 — and email volume is expected to jump to 376.4 billion messages in 2022. Unfortunately, an increase in email volume is also an increase in the volume of phishing messages that an organization’s email security system has to handle. That’s reflected in reporting from the U.K. Information Commissioner’s Office (ICO). That agency recorded 150,317 phishing attacks in January 2021, which dramatically increased to a startling 4,135,075 in December 2021 — an increase of 2,650%.
Some of their other findings were:
- Malicious spam shot up by 2,775% between January and December 2021.
- Phishing messages climbed 20% between January and December 2021.
- Malware attacks in 2021, commonly carried through phishing, boomed with a 423% increase.
Bad Actors Are Hungry for All Kinds of Sensitive Information
Phishing kits are used in security awareness training to simulate phishing attacks. In a study of phishing kits, this is the data the bad guys asked their victims for the most.
| Information Requested | % Presence in Total Analyzed Kits |
|---|---|
| User credentials (email/ID and password combinations) | 100 |
| Credit card information | 61 |
| Date of birth | 17 |
| Identity card number | 15 |
| Answers to security questions | 14 |
Source: IBM X-Force Threat Intelligence Index 2021
Here Are the Threats That Employees Fall For
By analyzing the results of thousands of phishing resistance training sessions and phishing simulations run in 2021 using ID Agent’s award-winning security and compliance awareness training solution BullPhish ID, it’s easy to see that phishing is the top training concern because employees are unfortunately very likely to fall for many common phishing tricks.
2021 BullPhish ID Phishing Resistance Training Totals
- Total number of training campaigns created – 81,484
- Total number of phishing simulation emails sent – 2,424,762
- Total number of clicks on phishing simulation emails – 106,670
Top 3 Security Awareness Training Courses of 2021
- Phishing: Introduction to Phishing – 150,163 created trainings
- How to Avoid Phishing Scams – 129,666 created trainings
- Phishing: The Dangers of Malicious Attachments – 100,265 created trainings
Top Phishing Simulation Campaigns That Successfully Drew Employee Interaction
- Office 365 – Suspicious Login – 10,879 clicked
- FedEx – Package Delivery – 6,535 clicked
- Google Docs – Invitation to Edit – 4,492 clicked
Top Phishing Simulation Campaigns That Captured Credentials & Data
- FedEx – Package Delivery – 2,056 captures
- Office 365 – Suspicious Login – 1,736 captures
- COVID-19: Sharepoint Webinar – 1,440 captures
Stop Phishing Before Employees Have the Chance to Start a Cybersecurity Disaster
Graphus is an automated email security solution that is powered by AI. That means that it can intelligently sort and filter the emails that come into a company’s environment to determine which ones are safe and which ones are suspicious. How does it do that? By using a unique, patented algorithm that fosters machine learning, enabling it to learn each company’s unique communication patterns and refine its judgment criteria all by itself to tailor that company’s protection now and in the future.
TrustGraph® automatically detects and quarantines malicious emails that might break through an organization’s email security platform or existing Secure Email Gateway (SEG), so the end-user never interacts with harmful messages.
EmployeeShield® alerts recipients of a potentially suspicious message to danger that they may not notice by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.
Phish911™ empowers employees to proactively report suspicious and unwanted emails for IT to investigate, reducing your exposure to potential disaster.
Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today.