Amid the dawn of a new digital era flush with innovative technologies that add ease and optimization to a variety of aspects of our lives, most consumers and enterprises still rely on traditional methods of communication. In fact, emailing, one of the oldest, yet most effective digital communication methods, is experiencing growth unlike ever before, with currently four billion daily users. Furthermore, so far in 2022, there have been 333.2 billion emails sent and received on average each day as organizations begin to take advantage of remote work, using emails to keep spread out workforces connected.
Unfortunately, the rapid growth of email use has become tainted by the unprecedented and swift rise of cybercrime amidst the digital age. A lack of data protection, the side effects of a global pandemic, and an increase in exploit sophistication have led to a huge incline in hacked and breached data. On average, today, there's a cyberattack every 39 seconds, and worldwide spending on cybersecurity is forecasted to reach $133.7 billion by the end of 2022.
As for emails, they've become prime targets for cybercriminals when it comes to attempting to breach or hack an enterprise's servers. Security researchers identified a 48 percent increase in cyberattack attempts targeting email accounts in the first six months of 2022.
"The sheer quantity of emails that are exchanged daily, as well as the human factor, makes email systems a rich target for cybercriminals to attack," said Jeremy Fuchs, Cybersecurity Researcher at Avanan, a Check Point Software Technologies Company. "Using a variety of attack techniques, digital attackers have made the inbox a dangerous place to be, with BEC/EAC (email account compromise) and phishing topping the list as the most prominent forms of attack."
Phishing is one of the most used forms of cyberattacks out there and can be used by cyber attackers in a plethora of situations, not just when it comes to emails. Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source.
“For email-phishing, specifically, the attack starts with a fraudulent email or other communication designed to lure a victim with a message that is made to look as though it comes from a trusted sender,” Fuchs explained. “If it fools the victim, he or she is coaxed into providing confidential information – often on a scam website, or sometimes malware is also downloaded onto the target's computer. These incidents are growing dramatically, despite the best efforts of solutions, including Microsoft's Defender."
Eighty-three percent of organizations said they experienced a successful email-based phishing attack in 2021 versus 57 percent in 2020, equating to a 46 percent increase. With these numbers on the rise, enterprises must be wary, as falling victim to a phishing attack costs, on average, 3.2 million per company in 2021.
BEC is a type of email cybercrime scam in which an attacker targets a business to defraud the company," Fuchs said. "This kind of attack is quickly becoming a large and growing problem that targets organizations of all sizes across every industry around the world. Similarly, EAC is a related threat that is accelerating in an era of cloud-based infrastructure. It is often associated with BEC because compromised accounts are used in a growing number of BEC-like scams."
BEC attacks are on the rise. Over the past seven years, BEC has been responsible for more financial losses in cybercrime than any other attack method. According to the FBI's 2021 Internet Crime Report, 35 percent of all cybercrime losses were attributed to BEC attacks, and in 2022 the percentage will eclipse that number. BEC has accounted for $2.4 billion in adjusted losses for businesses and consumers.
"With these types of email cyberattacks on the rise, organizations of all sizes and industries need to begin prioritizing their cybersecurity and look for ways to enhance their digital defense," Fuchs explained. "Even large enterprises that typically have the budgets, staffing, and other resources to combat cybercrime must begin improving their security posture and addressing ongoing gaps and new attack vectors. With the sizable volume of workers employed at a large enterprise, anyone can be the human error cybercriminals are searching for."
One method many large enterprises are beginning to leverage for cybersecurity purposes is automation, specifically artificial intelligence (AI) and machine learning (ML). According to a global survey, 35.9 percent of respondents reported a high level of automation in security operations and event/alert processing as of 2021, while another 48.7 percent reported a medium level of automation in this area.
The use of all three of these applications, both individually and collectively, has grown quite rapidly among large enterprises thanks to the array of benefits they all have to offer. For example, while they all help reduce human error, automating specific security processes can fully take human error out of the equation. Things like updating passwords and software can be handled by automation, letting employees prioritize their time elsewhere.
Furthermore, when it comes to machine learning, ML modeling can help translate telemetry information into recommended security policy changes. This capability is particularly important for IoT security because it allows security professionals to review and adopt IoT security policy recommendations for all the devices in a network. The result is improved security for the enterprise and time savings for security teams.
"AI can help provide better vulnerability management, which is key to securing a company's network, applications, services, and data," Fuchs said. "Analyzing and assessing the existing security measures through AI research can help in vulnerability management. AI helps enterprises assess systems quicker than cybersecurity personnel, thereby increasing their problem-solving ability manifold. It identifies weak points in computer systems and business networks and helps businesses focus on important security tasks. That makes it possible to manage vulnerability and secure business systems in time."
AI is expected to continue to offer cybersecurity a wide range of benefits, as much like in other sectors; the application is experiencing swift growth. The AI in the cybersecurity market was valued at $8.8 billion back in 2019, but since then has undergone growth at a CAGR of 23.2 percent. Experts estimate that the market may reach $38.2 billion by 2026.
Overall, with cyber attacks expected to grow in volume, speed and, most dangerously, sophistication, large enterprises must start improving their defense before it's too late.
"Humans can no longer scale to sufficiently secure an enterprise-level attack surface, and automation, AI, and ML gives the much-needed analysis and threat identification that can be used by security professionals to minimize breach risk and strengthen their security stack," Fuchs concluded.
Edited by
Erik Linask
