11 Nov 2022

The average United Kingdom (UK) business has experienced 16 successful email-based phishing attacks in 2022 so far, and 56 per cent of UK businesses had experienced an email attack in which account credentials were stolen or compromised. This was revealed in the recently launched State of Email Security report from Tessian, a globally renowned email security company.

Out of the 79 per cent of UK businesses that had encountered a successful email phishing attack in 2022, 30 per cent said the repercussions included a breach of customer or client data, 28 per cent reported financial losses, 27 per cent reported a ransomware infection, 21 per cent reported reputational damage, and 19 per cent had to deal with a regulatory fine.

Tessian’s State of Email Security report

The report, based on Censuswide polling of 150 IT and Security professionals in the United Kingdom, also revealed that UK businesses were each targeted by an average of 113 spear phishing attacks in 2022, of which one in seven were successful.

UK businesses also encountered an average of 106 email-based ransomware attacks, 135 impersonation attacks and 274 bulk phishing attacks across the first nine months of 2022.

Greater concern about ransomware and malware attacks

Surveyed security leaders reported that they are most concerned about ransomware and malware attacks in the United Kingdom, with 45 per cent citing this as their biggest cause for concern.

This was followed by email impersonation attacks at 31 per cent, and account takeover attacks at 29 per cent. On a global scale, however, email impersonation attacks ranked as the highest concern for security leaders.

Cyber threats expand into other communication platforms

Josh Yavor, the Chief Information Security Officer at Tessian, commented, “We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business.”

He adds, “We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection.”

Email impersonation attacks

When looking at email impersonation attacks in more detail, the report revealed that employees are the most likely candidates for impersonation, and two in five businesses encountered a bad actor impersonating an employee.

The second most impersonated targets were company suppliers and third-party vendors, both at 32 per cent, followed by investors and C-Level executives, both at 25 per cent.

Need for enterprises to proactively deliver security training

Josh Yavor adds, “To keep employees secure on email, organisations should be proactive in delivering security training that addresses the common types of threats on email that’s tailored and personalised to their role and department.”

He continues, “Company cultures also play a significant role in protecting employees. Security leaders should emphasise a culture that builds trust and confidence, which will ultimately improve security behaviours.”