Email – Heavily Used, Yet Highly Dangerous

Although the importance of communication tools such as Slack and Microsoft Teams has steadily increased in recent years, email remains supreme in many companies. More than 333 billion emails are sent worldwide every day. This makes it all the more important for companies to optimize their internal security mechanisms and train their staff. Umut Alemdar, Head of Security Lab at Hornetsecurity, explains what is important here.

Emails in Microsoft 365 environments – an unrecognized threat?

The trend towards work-from-everywhere in recent years has exponentially increased the spread of Microsoft 365 worldwide: the platform is becoming increasingly integrated into a company’s operational processes – be it through office, communication or even productivity applications. But that’s precisely what makes it all the more attractive to cybercriminals. Nevertheless, many companies still believe that their data is 100% protected in such cloud services. In its shared responsibility guidelines, Microsoft explicitly states that customers themselves are responsible for configuring their data security policies, protecting their data from failure and loss – and above all: meeting their own compliance requirements. However, Hornetsecurity’s Cyber Security Report 2023 shows that one in four IT admins are not fully aware of the risk of ransomware attacks on Microsoft 365.

The report analyzed more than 25 billion emails. The result: nearly one in two (40.5%) were malicious, with only about five percent of potentially dangerous mails being recognized as such by employees. This once again highlights the importance of an attentive and well-trained workforce. After all, it’s no secret that industries that handle highly sensitive data – such as healthcare, utilities, or finance and insurance – are popular targets for hackers. In addition, companies from the automotive and retail sectors, as well as from the manufacturing industry, were increasingly targeted last year. The most popular method of attack (39.6%) was phishing.

Thread Trends 2023: These three tactics deserve special attention

While DeepFakes dominated the headlines in many locations last year and will continue to need special attention in 2023, IT admins should give their end users special training regarding their email security strategy, with a particular focus on three main aspects:

• Check attachments: While Microsoft now automatically blocks macros in Word and Excel files, cybercriminals are now increasingly sending files in LNK format or trying to access company data via malicious links. End users should therefore avoid clicking on external, insecure links or opening LNK attachments without first having them approved by IT.
• Beware of QR codes: Mobile devices are increasingly becoming a core interface between personal and professional life. One example would be multi-factor authentication (MFA), which in many cases is controlled via a private smartphone. In combination with QR codes, which are a far more common part of everyday life, there lurks a danger that should not be underestimated: QR code phishing or Quishing is becoming increasingly popular as a cyber-attack method, tempting end users to scan a QR code with their smartphone camera. Especially if an MFA app is installed on the same cell phone, employees run the risk of becoming a security leak. For this reason, it is important to thoroughly check the linked source of a QR code before trusting it.
• Charity fraud: When a catastrophe shakes humanity worldwide, such as the earthquakes in Turkey and Syria or the ongoing war in Ukraine, many people are eager to help and make a donation. However, charity fraud has recently become a particularly dangerous scam used by hackers. This trend will continue in 2023. Therefore, special attention must be paid to donation appeals and accounts.

The human factor: solution or problem?

Achieving a high level of protection for one’s own data requires, on the one hand, advanced technology in the form of robust security, backup, and recovery solutions that mesh seamlessly across platforms. For example, an add-on tool that checks QR codes for malicious links can provide valuable services.

On the other hand, as always, a chain is only as strong as its weakest link. If we apply this to corporate IT security strategies, the weakest link is the workforce. The Employee Security Index (ESI®) Benchmark Report shows that employees can gain an adequate understanding of the risks posed by cyber-attacks in just three months of training. However, to ensure that the workforce is prepared for the increasingly tricky methods used by cyber-attackers, this training must be continuous – the report shows that after just a four-month break, the level of knowledge falls back to zero.

Most importantly, only when the entire cybersecurity cycle, from awareness to preparation to detection, is covered by training can a sustainable security culture emerge throughout the organization. If companies manage to keep their employees up-to-date, the problem becomes the solution. After all, the best corporate firewall an organization can have is an alert workforce.

With over a decade of experience in email security, security research, and software engineering, Umut Alemdar is Head of Security Lab at Hornetsecurity. He has a solid understanding of the current cybersecurity landscape. He has conducted extensive research on various exploits, phishing attacks, and malware and has participated in and led engineering efforts for cybersecurity solutions. At Hornetsecurity, he has been working with organizations, ranging from small businesses to large corporations, to ensure their security needs are met, and the appropriate security measures are implemented. Additionally, he provides valuable input in product development and features to ensure Hornetsecurity continuously innovates and provides users with the most effective protection. Umut's mission is to create a safe and secure workplace for everyone.