It's no secret that most data breaches originate with end-users. Despite increased employee training, and frequent high-profile data breaches in the news, many employees continue to view their email and devices as inherently secure. Given the rise in social engineering, SPAM-based phishing attacks, and malware-laced messages, this couldn't be further from the truth. To better understand how these email threats continue to predominate, researchers at Symantec took a year long account of the evolving landscape.
Overall, email-borne malware detection rates actually decreased this past year. In 2016, 1 in 131 emails contained malware, where as in 2017, only 1 in 412 did. The five most popular malware-laced emails advertised:
These malicious emails were not evenly distributed, as certain industries attracted more attention from cybercriminals than others. In terms of email malware by industry, public administration was the most frequently targeted, with 1 in 120 emails being compromised. Manufacturing, construction, services, finance, insurance, and real estate were also within the top eleven:
Industry |
Email Malware (% of total vol.) |
Spam Rate (% of total vol.) |
Construction | 27.2% | 56.9% |
Finance, Insurance, and Real Estate | 16.6% | 55.2% |
Services | 10.6% | 53.7% |
Manufacturing | 9.5% | 55.9% |
Non-classifiable Establishments | 9.5% | 54.6% |
Employees in the manufacturing industry were receiving an average of 25.5 email viruses annually. For construction, the number was 18.1, and for finance, insurance, and real estate, it was 9.1. While alarming, these rates were overshadowed by public administration, where the average user was hit with 53.1 email viruses annually.
The two most common means of distributing malware via email is through links and attachments. Attachments are generally more common - containing a script that, once downloaded, runs malicious code. Links to malicious codes are used less frequently, because they are usually blocked by spam or web filtering solutions. Still, link-based malware grew 10.7% in 2017.
Another key take away from Symantec's findings, was that email malware does not discriminate based on company size. Since massive corporate hacks gain the lion's share of coverage, this can create a false sense of security for smaller companies. However, more than half of the data breaches reported in Massachusetts in 2017 were for companies with under 250 employees. In terms of email malware, Symantec reported:
Company Size | Email Malware Rate |
1 - 250 | 1 in 376 |
251 - 500 | 1 in 306 |
501 - 1,000 | 1 in 425 |
1,001 - 1,500 | 1 in 244 |
1,501 - 2,500 | 1 in 355 |
2,501+ | 1 in 512 |
Fortunately, there are a number of preventative choices that will help mitigate these threats. Consider leveraging a first line of defense, reducing the likelihood that your end-users come into contact with malicious emails. iCorps' email filtering protects against SPAM, viruses, phishing, denial of service, directory harvest attacks, and more. This service helps keep your Inbox safe, identifies threat patterns, and protects sensitive email content. iCorps partners with Mimecast, providing a number of cloud-based email security services for advanced email management and email compliance. Here are 6 reasons why your inbox needs Mimecast email security.
While email security is an important element in maintaining a strong cybersecurity posture, it is just one of many factors that contribute to a secure computing environment. iCorps’ Managed Security solution is based on a “Defense in Depth” model. The idea is that your network should have more than one layer for each security category. iCorps' Managed Security supplies:
Learn about iCorps' Managed Security offerings, including anti-virus email software, today!