Despite being one of the oldest hacker threats, email attacks are still one of the most efficient forms of cybercrime, new research claims.
The latest edition of Proofpoint’s annual “State of the Phish” report, cited in a report published on the Proofpoint website TechRadaralso found that closely following these attacks is ransomware, a devastating form of malware that still shows no signs of waning in popularity.
A ransomware or data hijacking in Spanish is a type of harmful program that restricts access to certain parts or files of the infected operating system and demands a ransom in exchange for removing this restriction.
According to Proofpoint telemetry, there were more than 18 million end-user reported emails and 135 million simulated phishing attacks in 2022.
Additionally, according to a survey of 7,500 employees and 1,050 security professionals worldwide, it was found that almost half (44%) of employees would trust an email with a “family brand”, while almost two-thirds (63 %) think that an email address always corresponds to the corresponding website or brand.
The dangers of ransomware
Ransomware is also a big threat, the document reiterates. Globally, more than three-quarters (76%) experienced one such attack in the past year and two-thirds (64%) were victims. About half (52%) regained access to their data after making the ransom payment.
Perhaps the most surprising finding of the report is that, even today, basic cyberthreats are not that well understood. Many of the respondents were unable to correctly define malware, phishing, or ransomware. Additionally, only about half (56%) of global companies with a security awareness program train their staff on cybersecurity best practices, and only a third (35%) run phishing simulations.
This lack of awareness is also the weakest link in the cybersecurity chain, argue experts such as Adenike Cosgrove, Vice President of Cybersecurity Strategy, EMEA Proofpoint: “Awareness gaps and lax security behaviors demonstrated by employees create a risk material to organizations and their data.
“As email remains the attack method of choice for cybercriminals and they branch out into techniques much less familiar to employees, there is clear value in building a culture of security that spans the entire organization.”