Since the onset of the Covid-19 pandemic, employees have started working from home, students switched to remote learning, and cybercriminals ramped up email scams. Mimecast, a cloud security firm, has been researching the implications of Covid-19 and email security, and just released their State of Email 2021 report. Their team conducted a global survey of 1,225 IT and cybersecurity professionals from countries such as the United States, UK, Canada, and more. 47% of participants were CIOs, CTOs, CISOs, IT Directors, and IT Security Directors, across a wide range of industries.
Here Are the Top 3 Email Security Trends Mimecast Discovered:
How Common Email Threats Changed During Covid-19
1. Phishing
At the onset of the Covid-19 pandemic, there was a sharp increase in phishing attacks and compromised links as cybercriminals tried to take advantage of misinformation and public concern. Phishing attacks occur when hackers use email to extract confidential user information by imitating trusted sources. By imitating familiar sources, targets are more likely to provide private details, such as account login information from an unsecured document. To help prevent hacking, it is important to notice signs of potential phishing such as:
-
Incorrect punctuation
-
Extreme sense of urgency
-
Generic language such as Sir/Madam
-
Strange requests for confident information
Email threat volume, year over year.
2. Spear Phishing
More specific than phishing, spear phishing targets a specific organization or individual. These are more targeted, and the attacker will do thorough research on the target to ensure that the emails are error-free and as believable as possible. Brand spoofing is a common example, with 42% of businesses reporting an increase in brand misuse, and a 47% uptick in email-based spoofing from 2020-2021.
Top three data and brand privacy concerns, year over year.
3. Co-Mingled Data
Since employees started working from home, personal and sensitive business information has been increasingly co-mingled across email and collaboration tools, such as Microsoft Teams and Slack. This allows for more opportunities for cybercriminals to gain access to confidential and personal information. Mimecast found that employees are clicking on 3x more malicious links, compared to pre-pandemic levels, increasing concern over blurred personal and corporate data. An additional 70% of respondents are also concerned over the risks posed by archived business conversations.
Implications of sub-par cyber strategy, year over year.
How to Protect Yourself and Your Business
Implementing an email security system will help your business block hackers. 97% of businesses say that they have some type of email security system in place, but only 26% have a guard against the main four key areas:
-
Monitoring internal email threats
-
Monitoring external email threats
-
Protecting against data exfiltration
-
Removing malicious emails already in their inbox
Furthermore, only one in five organizations provides ongoing cybersecurity awareness training. This is a critical area for improvement since cyber awareness training prepares employees to spot suspicious email content and interpret the signs of an attempted hack. Knowing which security software services can be difficult. If you want to learn more on how to protect yourself and your business, check out our services or contact us for a free consultation.