Email security trends.

A study by Tessian has found that 94% of organizations in the US reported being targeted by spearphishing attacks in 2022.

Impersonation attacks lead the field.

The majority of phishing attacks involved attempts to impersonate legitimate email addresses:

“Impersonation attacks (where attackers attempt to create legitimate-looking email addresses) were the most common type of advanced email attack in the first nine months of 2022. These types of attacks also ranked as the top email threat that security leaders are most concerned about. On average, security leaders reported 148 impersonation attacks in 2022, followed by 141 spear phishing attacks and 138 email-based ransomware attacks. When asked who was being impersonated the most, over a third of IT and security leaders (37%) responded with threat actors posed as employees in attempts to trick end-users in their organization. This was closely followed by a vendor (32%) and a C-level executive (31%).”

Phishing attacks lead to ransomware.

92% of organizations reported that they’d been targeted by phishing emails that attempted to launch ransomware attacks, and 10% of respondents said their organizations had “received over 450 email-based ransomware attacks since January 2022.”

Insider threats.

The researchers also found that 92% of organizations had experienced data leaks due to employee errors with emails, “such as sending an email to the wrong person or failing to send the correct attachment.”