Phishing is the Biggest Data Loss Threat That Businesses Face

June 09, 2022

Businesses are under siege from a barrage of phishing email every day, making it hard for IT professionals to execute a successful defense against email-based cyber threats. Unfortunately, today’s phishing messages can be a problem for employees to spot, creating a major data loss threat for businesses. Making the challenge even harder, cybercriminals are constantly stepping up their game to bypass many traditional email security measures and lure their targets in with hard-to-detect messages – and 97% of employees are unable to detect a sophisticated phishing message.  

Excerpted in part from The State of Email Security 2022. DOWNLOAD IT NOW>> 

Data Loss Via Email is a Major League Risk 

Email is the riskiest channel for data loss in an organization. In a recent study, 65% of IT security practitioners cited email as their biggest data loss risk, followed by cloud file-sharing services (62%) and instant messaging platforms (57%). Much of that data loss was the result of improper employee behavior including mistakes and malicious insider activity. The leading cause of data loss incidents (40%) was employee negligence like the failure to comply with data security policies. An estimated 23% of organizations in the study experienced up to 30 security incidents involving employees’ use of email every month ranging from sending the wrong file to interacting with a phishing message. 

Another major challenge that IT professionals face is a lack of visibility into the sensitive data that employees transferred from the network to personal email. This was cited as the most common barrier to preventing data loss via email in 54% of organizations. About 50% of respondents reported being unable to identify legitimate data loss incidents and lack of insight into standard employee data handling behaviors as major obstacles in their fight to prevent data loss through email for their organizations. 

See 10 reasons why Graphus is better than other email security solutions. SEE THE LIST>>

Malicious Insiders Complicate the Picture 

Of course, some data loss via email can be chalked up to a source that no one wants to think about: malicious insiders. Unfortunately, not everyone in an organization is really on the same team. This growing problem is a driving contributor to data loss. In this study, researchers determined that 27% of the data loss incidents they studied were caused by malicious insiders. Making matters worse, malicious insiders also have the power to cause data security incidents that take a long time for IT personnel to detect. It can take organizations up to three days to detect and remediate a data loss and exfiltration incident caused by a malicious insider via email. 

So, what are they looking for? Malicious insiders overwhelmingly want one thing: money. One quick way for them to get it is to steal valuable data to sell in the booming dark web markets. The most common types of confidential and sensitive information lost or intentionally stolen in the incidents studied includes customer information (present in 61% of incidents); intellectual property (56% of incidents); and consumer information (47% of incidents). Malicious insiders can hide anywhere in an organization, but they do have a few favorite departments to target. 

The Top Departments for Malicious Insiders to Target    

Finance 41% 
Customer Success 35% 
Research and Development (33%)    33% 

Source: Swiss Cybersecurity Forum      

The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>

The Roots of The Perilous State of Email Security Risk Today

In order to get a solid grasp on the essence of today’s email threats, especially threats that could lead to data loss, it’s important to understand the factors that make up today’s email landscape. These trends underpin the business email security picture right now and offer a snapshot of what could influence the email security picture in the months ahead.  

Phishing-Related Cyberattacks & Losses Are Booming

Phishing also paved the way for a parade of damaging cyberattacks, and far too many businesses just weren’t ready to face the threat to their detriment.

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

High Email and Phishing Volume Has Increased Security Stress 

In 2021, 319.6 billion email messages were sent — up from 306.4 in 2020 — and email volume is expected to jump to 376.4 billion messages in 2022. Unfortunately, an increase in email volume is also an increase in the volume of phishing messages that an organization’s email security system has to handle.  

That’s reflected in reporting from the U.K. Information Commissioner’s Office (ICO). That agency recorded 150,317 phishing attacks in January 2021, which dramatically increased to a startling 4,135,075 in December 2021 — an increase of 2,650%.  

Some of their other findings were: 

  • Malicious spam shot up by 2,775% between January and December 2021.  
  • Phishing messages climbed 20% between January and December 2021.  
  • Malware attacks in 2021, commonly carried through phishing, boomed with a 423% increase. 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

What Types of Email Messages Did Graphus Stop in 2021? 

Keeping businesses safe from cyberattacks starts with preventing phishing. Graphus uses machine learning to power AI that detects and quarantines most suspicious messages automatically.  Graphus’ proprietary technology, TrustGraph, thoroughly analyzes the content of every incoming email an organization protected with the solution receives. Phishing messages are detected and subsequently quarantined.  

Top Types of Phishing-Based Cyberattacks Caught By Graphus

  1. General phishing 55.5% 
  2. Malicious attachments 18.20%  
  3. Business email compromise (BEC) 13.48% 
  4. Executive spoofing 11.88% 
  5. Other 1.04%  

How safe is your email domain? Find out now with our domain checker. CHECK YOUR DOMAIN>>

Graphus Increases Data Security by Stopping Phishing in Its Tracks 

Graphus improves any organization’s data security immediately. Choose AI-powered, automated email security to quickly and efficiently protect your company from some of today’s nastiest phishing-related cyberattacks and you’ll enjoy the peace of mind that comes from knowing that you’re blocking sophisticated phishing messages before users see them.   

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.  
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm. 
  • Put 3 layers of protection between employees and dangerous email messages. 
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.    
  • Click here to watch a video demo of Graphus now. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus