Email breaches are ubiquitous

Microsoft Office 365 users continue to be the target of online cybercriminals with 89 percent affected.


Cyren has unveiled its 2022 Benchmarking Survey, a study by Osterman Research on the most prevalent email-borne security threats facing Microsoft Office 365 customers, such as account takeover, business email compromise (BEC) attacks, and ransomware. The study confirms that bad actors are becoming more successful at launching credential compromise attacks targeting Microsoft Office 365 users, with an increase from 78 percent in the 2019 benchmarking survey.

Despite investments in secure email gateways and countless hours spent investigating suspicious emails, the survey revealed that the number of successful breaches caused by email attacks has almost doubled from the levels seen in 2019; respondents disclosed an average of 21.6 email breaches per organization in the current survey versus 11.3 average breaches in the previous one. This is occurring even as organizations are hiring more IT and security staff to cope with challenges during the pandemic. What’s more, the costs associated with successful attacks are concerning even for the most secure company. The report shows that organizations are plagued by hidden costs in remediating these attacks once they have happened, with each email breach costing US organizations an average of $311,154 per year, and UK organizations an average of £107,959 per year.

“The report highlights how phishing, Business Email Compromise, and ransomware attacks are affecting organizations across the US and the UK,” says Michael Sampson, Senior Analyst at Osterman Research. “Cyber attackers are continuously breaching systems, and organizations are struggling with current security solutions battling to keep up with the onslaught of email threats. We also found interesting distinctions between the US and the UK with organizations in the UK more likely to acknowledge a successful email breach than those in the US, despite the fact that it costs more for organisations in the US to remediate their attacks.”

Although phishing is the most common breach type experienced by organizations, with 69% of organizations experiencing at least one successful phishing breach during the past 12 months, the study found that Microsoft 365 account takeovers happen more often: an average of 14.5 Microsoft 365 login credential exposures took place in the previous 12 months. Additionally, undetected email threats have grown exponentially over the past two years, and as a result, organizations have invested in solutions that allow employees to report suspicious emails, with only 2 percent of organizations not defining a mechanism for users to do so.

“Organizations have been inundated by phishing attacks, BEC attacks and ransomware threats for far too long and this study highlights how successful these ‘common’ attacks can be,” says Mike Fleck, VP Marketing at Cyren. “Not only are organizations experiencing more threats, but they are also suffering from the high costs of incident response associated with investigating suspicious emails and responding to confirmed threats. With the copious number of threats facing organizations every day, and the potential cost it takes to remediate an attack looming over their heads, it is essential that they increase the efficiency of how they are managing the problems of account takeover, BEC, and ransomware. The time has come to accept that we cannot prevent these attacks from getting through; instead, we must reduce the effort it takes to spot and contain them before a breach occurs. With an inbox security solution that provides visibility of and an automated and continuous response to threats, businesses can address unsolved problems like business email compromise and ransomware.”
