SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
Egress report highlights rising concern over phishing threats
Mon, 22nd Jan 2024

The increasingly insecure cyber landscape has cast a spotlight on the escalating threat of complex phishing attempts. To ascertain how cybersecurity leaders are responding, Egress has rolled out its latest Email Security Risk Report.

The report evaluated views from 500 cybersecurity leaders across organisations of various sizes about the threat landscape, their vulnerabilities to inbound and outbound risks, and their ongoing doubts regarding the effectiveness of traditional approaches to email security. The alarming figures revealed in the study indicate the severity and rise of these threats.

According to the findings, 94% of organisations fell victim to phishing attacks, marking a 2% increase from the previous year. In a more significant leap, 96% of surveyed organisations experienced negative impacts due to phishing attacks; a surge of 10% compared to the previous year's report.

Emerging technologies have also ignited considerable concern, with 63% of cybersecurity leaders losing sleep over deepfakes and 61% over AI-chatbots used for creating expedient phishing campaigns. Further demonstrating the expanding cyber threat landscape, 58% of organisations experienced account takeover incidents.

Jack Chapman, VP of Threat Intelligence at Egress, highlighted some significant trends unearthed from the report. He pointed out, "94% of respondents fell victim to phishing attacks. Organisations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analysing emerging trends will be key to bolstering defenses."

Moreover, Chapman drew attention to the pervasive concern among cybersecurity leaders regarding phishing attacks and compromised accounts; he noted, "58% of organisations have experienced account takeover incidents in the last 12 months, and 79% of these started with a phishing email that harvested an employee's credentials."

Also, the VP emphasised the rising apprehension about the use of AI by cybercriminals, professing that, "While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cybercriminals generally take every advantage they can get."

Keeping the stark statistics coming from the report in mind, Chapman surmised that the numbers are "truly staggering." He concluded by stating, "94% of companies have experienced security incidents in the last 12 months. Organisations urgently need to adapt their approach, or risk finding themselves in the same position next year."

The report also underlines significant concerns about the emotional and occupational impact on employees due to email security incidents. Among surveyed organisations, 96% experienced negative outcomes from phishing attacks, a 10% jump compared to last year's figures. Consequently, the consequences for personnel involved were grim, with 51% disciplined and 39% fired due to such instances.

Furthermore, similar outcomes were witnessed from outbound threats with 94% of surveyed companies report being adversely affected - marking an 8% increase from last year. These incidents led to severe repercussions for staff, with 51% facing disciplinary action and 67% leaving the organisation, either voluntarily or forcefully.

Meanwhile, the emerging concerns regarding Artificial Intelligence (AI) and its role in cyber threats continue to burgeon. As AI adoption spreads, 63% of cybersecurity leaders are losing sleep over the potential use of deepfakes, and 61% over AI chatbots for efficient phishing campaigns. According to these leaders, organisations should continually assess their defences considering the evolving threat environment.