Secure Email Gateways (SEGs) are struggling to keep up with sophisticated email phishing campaigns. According to Cofense’s 2024 Annual State of Email Security report, there’s been a 104.5% increase in the number of malicious emails bypassing SEGs in the past year.
In just two years, Cofense’s software has uncovered almost 800,000 unique malicious email campaigns. The raw numbers of detected emails indicate a 37% increase in 2023 compared to 2022 and a staggering 310% increase over 2021. This marks a fourfold rise in email attacks in just two years.
The Rise in Credential Phishing
More than 90% of data breaches detected in 2023 centered around credential phishing, a 67% increase from the prior year. This form of attack usually involves convincing individuals to disclose their login information or other sensitive data, which can then be used to gain access to secure systems and networks.
Cofense says that credential phishing can lead not just to ransomware attacks and data breaches, but to business email compromise (BEC) schemes that defraud companies out of millions of dollars. According to the FBI, BEC attacks accounted for a total of $2.7 billion in losses in 2022.
Healthcare and finance sectors remain the top targeted industries for phishing attacks. They saw increases in malicious emails bypassing SEGs at 84.5% and 118%, respectively, over the past year.
Growing on Many Fronts
This isn’t the only recent data demonstrating weakness in the ability to thwart phishing attacks. The 2024 Email Security Risk Report, published by Egress, revealed that 79% of account takeover (ATO) attacks started with a phishing attempt. More than half (58%) of organizations surveyed said they suffered their own ATO attacks. The three most common activities cybercriminals performed after taking over an account were making fraudulent credit card transactions, moving funds out of person-to-person services like PayPal, Venmo or Zelle, and changing account contact information so they can confirm transactions when an institution reaches out.
Last month, research from Trustpair revealed that 83% of companies were targeted by cyberattacks in the past 12 months, resulting in losses exceeding $1 million for 36% of those successfully targeted. Despite 67% of companies having full knowledge of this trend, a significant number still lack robust defenses to thwart such cyber threats.