
Most employees opt to delete suspicious emails rather than report them to their higher-ups. What they may not realise is that doing so could do more harm than good to their company's cyber systems.

A “frighteningly low” number of employees are informing their company about potential email attacks, even though there has been an increase in business email compromise (BEC) cases this past year.

For context, according to Microsoft, a business email compromise (BEC) attack is a cybercrime in which the fraudster uses email to convince someone to contribute money or reveal sensitive company information.

A report released by Abnormal Security shows an 81 per cent increase in the number of BEC attacks from the first to the second half of 2022.

Even though the numbers state that 28 per cent of the employees who received compromised emails opened them, and 15 per cent of those emails were responded to, only 2.1 per cent of the attacks were reported to the employers.

“On top of frighteningly low reporting rates for attacks, the majority of messages reported to security teams aren’t even malicious,” the report said. “On average, 84 per cent of employee reports to phishing mailboxes are either safe emails or graymail.”

Almost 98 per cent of the attacks remain hidden from the company, leaving it unaware of the existence of a threat. As a result, most companies need to implement proper strategies to safeguard their systems against attacks.

“But security professionals know that opting to just delete the email without reporting it can be almost as damaging since it eliminates the opportunity for the security team to warn other employees about the attack,” the report said.

According to Abnormal Security, investing more money in email security could also be beneficial because it can ensure that BEC threats never get to employees.

“While security awareness training will help reduce the risk of employees engaging with a threat actor, it’s even better to minimise the number of attacks they receive in the first place,” the report said. “Any time an employee has to assess whether an email is malicious is an opportunity for them to make a mistake — and for an attacker to capitalise.”
