Top 3 Email Security Threats to Watch in 2022

 
 

WIRED just released its Worst Hacks of 2021 list, which is far less positive and exciting than other lists and awards, like the Hasty Pudding Woman of the Year award. From the WIRED list, we see that 2021 was “open season for attackers around the world”, from aggressive ransomware gangs to supply chain attacks. Disturbingly, there’s no sign of abatement in 2022. As we head into the new year, email continues to be the single most significant threat vector for nefarious attackers. In this post, we highlight some of the top email security threats you’ll face this year, including some tips to protect your inbox and your organisation.

Phishing Remains a Top Threat

According to Proofpoint’s 2021 State of the Phish report, a staggering 75% of organisations experienced a broad-based phishing attack, both successful and unsuccessful, and this figure is expected to grow in 2022. 

Phishing attacks are not a new phenomenon; what makes them particularly alarming in the year ahead is the increased sophistication with which cybercriminals are flawlessly impersonating major companies, vendors, even your colleague down the hall! Wide-net approaches (in which multiple recipients are sent the same email) remain the top form of phishing, but we also see highly targeted spear phishing, whaling, and business email compromise attacks, which carry a level of elegance that makes these attempts difficult to spot and block.

During the first six months of the pandemic, we saw a 73% rise in email phishing attacks in the UK and COVID-related attacks continue to be a problem in 2022. In one recent attack, hackers sent out emails with the subject line, “Get Your Free Omicron PCR test—Apply now to avoid restrictions” in an attempt to trick people into giving up personal information. In another case, attackers suggested via email that individuals had been in contact with an infected person, which led people to click on illegitimate links and provide personal data. 

To best protect your organisation from these relentless and sophisticated phishing attacks, block access to malicious, hacked, or inappropriate websites using web filtering.

BEC and Impersonation Attacks Are Costly

Brand impersonation and business email compromise (BEC) remain a major threat to businesses of all sizes. In a BEC attack, a hacker uses email to trick employees into transferring funds into illegitimate accounts. Often, these attacks target accounts payable departments, and the emails appear to be from a trusted source, like a supplier or senior executive. It’s exactly this highly targeted nature that makes BEC and impersonation attacks so successful.

The Verizon Data Breach Investigations Report 2021 shows a rapid rise in brand impersonation attacks (called misrepresentation), to a level 15 times higher than it was in 2020! Another report suggests that 35% of organisations said BEC accounted for half of all security incidents they experienced. BEC attacks also result in the greatest expense to victims; losses due to BEC approach $2B per year and are only increasing.

Protect yourself from targeted BEC and impersonation attacks with an email gateway that protects against impersonation attacks—such as BEC, CEO fraud, and whaling—and adopt standard authentication protocols such as SPF, DKIM, and DMARC that can actively stop domain spoofing.

Ransomware-as-a-Service will Flourish in 2022

If WIRED’s Worst Hacks of 2021 list shows anything, it’s that ransomware continues to be a significant threat in 2022, especially as the focus of cybercriminals shifts heavily to small and medium-sized businesses (SMBs). In addition, ransomware-as-a-service (RaaS) has become a booming business. RaaS is an established industry in which malware creations are sold to hackers via lease or subscription. This makes it easier for more attackers to unleash more ransomware attacks; it also makes it more difficult to track down the original provider or operator of such attacks. This devastating model will, unfortunately, flourish in the year ahead. One source suggests that the ransomware of 2022 will be more sporadic and dangerous, and carry a higher cost.

On top of this ominous forecast, we still have many people working from home or remote offices amidst the pandemic. With many users performing tasks while remotely logged into their office network, the need for vigilance, as well as the need for adequate protection against such attacks, has never been greater. 

Email is one of the main ways ransomware makes its way into your business. To best protect your organisation, it's crucial to have the right email security gateway in place to avoid email-borne ransomware.


We know this isn’t the most positive year-ahead post, but it’s an important one. To help protect your business from these very real threats, Optec has teamed up with Libraesva to offer an integrated email gateway security solution for cloud-based platforms. With proactive planning and the right partnership, you can put in place the protections you need to stop the damaging attacks we expect to see in the year ahead.

Please download our fact sheet or get in touch to learn more.  

