June 2019 by Cisco
Some of our most common threat vectors are growing up. Last year, spam turned 40, and phishing isn’t too far behind, turning 30-years-old. Yet, decades since both were introduced, organizations are still struggling to protect their users from email threats, and according to the latest CISO Benchmark Study it is the top issue keeping CISOs up at night. (56% of CISOs surveyed found it very or extremely challenging.) This ranks higher than any other security concern surveyed—higher than data in the public cloud, higher than mobile device use.
The problem? Only 41% of organizations use email security as part of their threat defenses, down from 56% in 2014.
The latest Cisco Cybersecurity Report challenges assumptions about the email security landscape, diving into the current challenges of CISOs and analyzing threats like Office 365 phishing, social engineering, digital extortion and malware delivery to provide clarity around adversary tactics. Some highlights from the report:
• Volume of email attacks are increasing. One third of all emails that travel through Cisco’s Email Security Appliances are blocked outright, based on IP reputation alone.
• Fraud is the driving force behind cybercrime losses. According to latest cybercrime and fraud research from May, Business Email Compromise (BEC) and Email Account Compromise (EAC) – brought losses in 2018 upwards of $1.3 billion. As a comparison, the equivalent losses recorded for ransomware, an often mentioned and analyzed form of cybercrime, was $3.6 million.
• Digital Extortion profits are down. While early success has led to a proliferation of sextortion spam, profits from these types of scams are declining rapidly according to the latest analysis conducted by Cisco Talos, covering January through March 2019.