{"id":615543,"date":"2023-03-08T08:49:43","date_gmt":"2023-03-08T14:49:43","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/03\/08\/nine-in-10-enterprises-fell-victim-to-successful-phishing-in-2022\/"},"modified":"2023-03-08T08:49:43","modified_gmt":"2023-03-08T14:49:43","slug":"nine-in-10-enterprises-fell-victim-to-successful-phishing-in-2022","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/03\/08\/nine-in-10-enterprises-fell-victim-to-successful-phishing-in-2022\/","title":{"rendered":"Nine in 10 enterprises fell victim to successful phishing in 2022"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Sebastian-Klovig-Skelton-CW-contributor.jpg\" alt=\"Sebastian Klovig Skelton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Sebastian-Klovig-Skelton\">Sebastian Klovig Skelton,<\/a><br \/>\n\t\t\t\t\t\t<span>Senior reporter<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>07 Mar 2023 15:00<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Email security company Egress finds that 92% of organisations have fallen victim to a successful phishing attack in their Microsoft 365 environments over the past year, with a further 98% of cyber security managers expressing frustration with secure email gateway (SEG) technologies.<\/p>\n<p>According to Egress\u2019 <em><a href=\"https:\/\/www.egress.com\/media\/vjxp1yc2\/egress_email_security_risk_report.pdf\">Email security risks report 2023<\/a><\/em> \u2013 which investigated both inbound phishing attacks and outbound data loss and exfiltration \u2013 58% of cyber security managers said traditional SEG technologies were not effective in stopping employees from accidentally emailing the wrong person or with the wrong attachment, while 53% conceded that too many <a href=\"https:\/\/www.computerweekly.com\/news\/252513683\/UK-organisations-swift-to-chide-phishing-victims\">phishing attacks<\/a> bypass their gateway. \u00a0\u00a0\u00a0<\/p>\n<p>Egress\u2019 data shows that almost half (44%) of phishing emails are classed as \u201ctechnical\u201d, meaning they were specifically engineered to bypass signature-based defences, while over a quarter (28%) were sent from compromised legitimate domains. Out of all account takeover attacks, Egress notes 85% start with a phishing email.<\/p>\n<p>A further 91% of cyber security managers also noted that data has been leaked by outbound emails, although this was due to mistakes or taking risks as opposed to malicious insiders.<\/p>\n<p>Egress said the top three causes for these incidents is risky employee behaviour (i.e. transferring data to personal accounts for remote work), human error (emailing confidential information to incorrect recipients), and self-serving <a href=\"https:\/\/www.computerweekly.com\/news\/252525373\/Most-hackers-exfiltrate-data-within-five-hours-of-gaining-access\">data exfiltration<\/a> (such as taking data to a new job).<\/p>\n<p>Overall, Egress found that 86% of organisations surveyed were negatively impacted by phishing emails, 54% suffered financial losses from customer churn following a successful phishing attack, and 40% of successful phishing incidents resulted in employees leaving the company.\u00a0Nearly all cyber security managers (99%) said they were stressed about <a href=\"https:\/\/www.computerweekly.com\/feature\/Does-email-security-need-a-human-solution-or-a-tech-solution\">email security<\/a>.<\/p>\n<p>\u201cThe growing sophistication of phishing emails is a major threat to organisations and needs to be urgently addressed,\u201d said Jack Chapman, vice-president of threat intelligence at Egress.<\/p>\n<p>\u201cThe signature-based detection used by Microsoft 365 and secure email gateways can filter out many phishing emails with known malicious attachments and links, but cyber criminals want to stay one step ahead.<\/p>\n<p>\u201cThey are evolving their payloads and increasingly turning to text-based attacks that utilise social engineering tactics and attacks from a known or trusted source, such as a compromised supply chain email address.\u201d<\/p>\n<p>He further warned that phishing attacks will only become more advanced as cyber criminals turn to AI-powered technologies such as chatbots to automate and refine their attacks.<\/p>\n<p>Egress noted that the top three types of phishing attacks that people fell victim to were those involving malicious URL or malware attachments, social engineering, and supply chain compromises.<\/p>\n<p>Aside from the SEG issues, managers also expressed concern about their security awareness and training (SA&#038;T) programmes, as while 98% carry out some kind of SA&#038;T, 96% aired a concern or limitation with it.<\/p>\n<p>For example, 46% said employees skip through it as fast as possible, 29% said employees find the training annoying, and a further 37% admitted they are not confident people remember what they are taught.<\/p>\n<p>Egress concluded in its report that, despite investments in traditional email security and SA&#038;T, enterprises remain highly vulnerable to phishing attacks, human error and data exfiltration.<\/p>\n<p>It recommends using intelligent email security solutions to augment traditional SEGs and Microsoft 365, such as integrated cloud email security (ICES) solutions that use behaviour-based security to detect anomalies in peoples actions to detect and stop advanced phishing threats.<\/p>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on IT education and training<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/252514125\/Boardroom-does-not-see-ransomware-as-a-priority\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/meeting-conference-whiteboard-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/meeting-conference-whiteboard-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/meeting-conference-whiteboard-adobe.jpg 1280w\" alt ><\/p>\n<h5>Boardroom does not see ransomware as a priority<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/opinion\/Security-Think-Tank-We-are-failing-to-get-the-cyber-message-across-to-users\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Security-Think-Tank-hero_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Security-Think-Tank-hero_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Security-Think-Tank-hero.jpg 1280w\" alt ><\/p>\n<h5>Security Think Tank: We are failing to get the cyber message across to users<\/h5>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/IP-spoofing\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/digdeeper\/3.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/digdeeper\/3_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/digdeeper\/3.jpg 1280w\" alt ><\/p>\n<h5>IP spoofing<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/WhatIs\/Ben Lutkevich.jpg\" alt=\"BenLutkevich\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Ben\u00a0Lutkevich<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.computerweekly.com\/feature\/How-to-choose-the-right-email-security-service-for-your-organisation\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/email-digital-communications-1-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/email-digital-communications-1-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/email-digital-communications-1-adobe.jpeg 1280w\" alt ><\/p>\n<h5>How to choose the right email security service for your organisation<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/fearn_nicholas.jpg\" alt=\"NicholasFearn\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Nicholas\u00a0Fearn<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365532100\/Nine-in-10-enterprises-fell-victim-to-successful-phishing-in-2022\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Luz Volkman<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale By Sebastian Klovig Skelton, Senior reporter Published: 07 Mar 2023 15:00 Email security company Egress finds that 92% of organisations have fallen victim to<\/p>\n","protected":false},"author":1,"featured_media":615544,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39110,46,1495],"tags":[],"class_list":{"0":"post-615543","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprises","8":"category-technology","9":"category-victim"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/615543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=615543"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/615543\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/615544"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=615543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=615543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=615543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}