Millions of email attacks missed by organisations’ cyber security protection
Millions of email attacks are being missed by organisations' cyber security protection, according to new research from Barracuda.
In 2020, 4550 organisations used Barracuda Email Threat Scanner to scan 2,600,531 unique mailboxes and found 2,029,413 unique attacks. On average, 512 attacks were found per organisation, and one out of seven mailboxes (14%) had at least one attack currently sitting inside, even if messages were scanned by an email gateway solution, the cyber security firm says.
The attacks detected fall into four email threat types: phishing, scamming, extortion, and business email compromise (BEC). Of the 2,029,413 unique attacks detected, phishing was the number one threat missed by the organisations email security solutions (59%). Scamming was the second most common (39%).
Extortion, at 9%, and BEC, at 8%, were less prevalent, but cybercriminals tend to send these types of attacks in smaller volumes because they are highly personalised.
"Spear phishing threats are more dangerous than ever due to the sophistication of attackers, and while organisations have invested in protection against email threats, many of these attacks slip through gateways, landing in users inboxes," says Don MacLennan, SVP, Engineering - Product Management, Email Protection, Barracuda.
"As these numbers show, traditional email gateways are not enough. Customers should also use API-based inbox defenses to maximise their protection," he says.
Kristian Connor, director, at Xitenys, says many email threats slip past the email gateway.
"Threats like spear phishing and business email compromise put companies at significant risk," Connor says.
"Barracuda Email Threat Scanner detects these threats and helps us uncover additional ways we can help customers protect their people and data."
Barracuda has also announced a redesigned version of the Barracuda Email Threat Scanner, a free tool that was used to obtain the above data, and can help any company detect email threats that get past their email gateway.
According to the company, the refreshed Barracuda Email Threat Scanner brings a complete user interface update to the scanners dashboard. This includes a scan preview page, which allows users to monitor their scans progress while the scan is running.
It also includes access to early results as Email Threat Scanner scans mailboxes and finds attacks, and, improved dashboard reporting of detected threats, making it easier to hone in on specific insights and interpret the findings.
Barracuda Sentinel integrates directly into Office 365 to find threats inside a user's mail system that security gateways are unable to see.