9 in 10 data breaches due to phishing attacks aimed at employees: survey

Employers urged to train staff in identifying, reporting malicious emails

9 in 10 data breaches due to phishing attacks aimed at employees: survey

Nine in 10 data breaches in 2023 originated from phishing attacks targeting employees, as Secure Email Gateways (SEGs) struggle with more sophisticated phishing campaigns.

An SEG is a form of email security technology that adds another layer of protection from spam and malicious emails to prevent them from reaching a user's inbox, according to Cofense.

But Cofense's 2024 Annual State of Email Security report found that SEGs are finding it hard to keep up with evolving phishing campaigns, as it recorded a 104.5% increase in the number of malicious emails bypassing SEGs.

The healthcare and finance industries remain the top targeted industries, with increases in malicious emails bypassing SEGs at 84.5% and 118%, respectively, according to the report.

"The data we present in this report speaks directly about the escalating sophistication of cyber threats, which demand a different approach to effective email security," said David Van Allen, CEO of Cofense, in a statement.

Major cyber threats

Credential phishing emerged as a top threat vector in 2023, with a 67% increase in volume in 2023 compared to the year prior.

"This sophisticated form of attack often involves convincing individuals to give up their login information or other sensitive data, which can then be used to gain access to secure systems and networks," the report read.

The use of QR codes in phishing campaigns are also "rapidly increasing," according to the report, as well as vishing, smishing, and brand impersonation tactics.

"It's evident that the email-based attack vector is evolving at an unprecedented pace going into 2024," Van Allen said.

Amid growing threats, the report advised that organisations should no longer settle for "good enough" email security.

"With the increasing frequency and severity of email attacks, it is essential to train your employees to identify and report malicious emails, while deploying industry-leading solutions to identify and remediate threats that are actively bypassing SEGs," the report read.

Recent articles & video

Worker cries dismissal with notice was wrongful, says 'poor performance' wasn't proved

TikTok lays off 481 employees in Malaysia: reports

Average salary hikes in Hong Kong, GBA dip in 2024

Employers in Europe struggling to manage political discussions at work

Most Read Articles

Singapore unveils digital platform to boost business transition to net-zero emissions

Singaporean Gen Zs show high preference for hybrid work: survey

Four charged in $3.2-million fraud scheme involving 'ghost workers' in Hong Kong