Phishing and other messaging-based attacks continue to be a pervasive threat, with 97% of companies seeing at least one email phishing attack in the past 12 months and three-quarters of firms expecting significant costs from an email-based attack.
That's according to the "State of Email Security" (SOES) report, based on a survey of 1,700 IT professionals published by Mimecast this week. The report also found that the most significant email-borne threats continue to be phishing, ransomware, and spoofing.
Two-thirds of respondents acknowledged a successful ransomware attack, with companies in certain industries more likely to be a victim, including consumer services (87%), energy (83%), healthcare (80%) and the media and entertainment (86%) sectors. On the spoofing side, 91% of those surveyed had seen attempts to steal or use their email domain in an attack, according to the survey.
The increased concern about cyberattacks via email and collaboration platforms comes as companies have shifted to hybrid work environments, making tools like Slack and Microsoft Teams popular ways of exploitation by opportunistic cybercriminals. Nearly three-quarters of companies surveyed feel it is likely or extremely likely that their company will suffer an attack delivered through their collaboration tools, according to the study, which was conducted by market research firm Vanson Bourne.
"While email remains the primary attack vector for bad actors, collaboration tools provide a new threat surface for cybercriminals to infiltrate," the report stated. "And this, in turn, creates even more risk for CISOs and their teams to manage."
Though certainly not a new area, attacks on messaging and collaboration software are a growing source of compromise for companies. In its quarterly "Phishing Activity Trends Report," the Anti-Phishing Working Group (APWG) detected 1.3 million attacks in third quarter of 2022, up from 1.1 million phishing attacks in the second quarter of 2022. Attackers are also getting better at fooling defenses and sneaking into users' inboxes, with 19% of phishing attacks bypassing platform defenses, according to a report released in October.
With the ramped-up activity comes more awareness, at least. "More [company] leaders are increasingly aware of the dangerous ramifications cyberattacks pose against their business," says Thom Bailey, senior director of strategy at Mimecast. "However, organizations are still behind the curve in terms of security posture."
Collaboration Tools Expand Quickly
Collaboration tools represent an expanding attack surface area, according to the SOES survey. While the vast majority of professionals (90%) maintain that collaboration tools are essential to their company's workflow, keeping up with the installed base of tools is "overwhelming," according to those polled. Two-thirds of professionals (67%) are overwhelmed by the number of tools, and more than half (55%) have to attempt to detect and manage tools downloaded by workers without approval.
That said, whether the attacker uses email as their vector, or Slack or Teams, the end goal is the same, Bailey says.
"It’s important to remember that even though the attack vector is slightly different, the human end user is still the key target," he says. "The majority of attacks targeting collaboration channels leverage the human element, where an adversary makes a compelling appeal for a recipient to engage with the attacker."
On the email side, more companies are adopting email security specifications, such as Domain-based Message Authentication, Reporting and Conformance (DMARC) and Brand Indicators for Message Identification (BIMI) to prevent spoofing. To protect their domains, 88% of survey respondents would like to use the DMARC standard to make their email more resilient to spoofing attacks. Unfortunately, only a bit more than a quarter (27%) have actually deployed the features, according to the SOES survey.
Can ChatGPT Help With Phishing as Well?
While anti-spam engines are among the earliest applications of machine learning to cybersecurity, most professionals aim to go further, with 92% either using or planning to use artificial intelligence (AI) features and machine learning (ML) to bolster their current defenses. Doing so can help cybersecurity teams keep up with attackers, Bailey says.
"When combined with natural language processing tools such as auto-encoders or large language models, [AI] can help detect anomalies in the writing style and communication patterns of inbound emails, blocking messages and alerting employees accordingly," he says. "It also helps reduce human error ... further enabling strained IT teams ... to offset critical workforce challenges by automating repetitive tasks and streamlining workflows to drive higher levels of efficiency."
The SOES survey included professionals from companies of various sizes, including 15% with fewer than 500 employees, 76% with between 500 and 10,000 employees, and 9% with more than 10,000 employees. The top industry sectors represented by the survey professionals included financial services (14%), technology and telecommunications (13%), retail (13%), and healthcare (11%).