The financial services industry is the sector most targeted by email-based cybersecurity attacks, according to a new report from VIPRE Security Group.
The Email Security in 2023 report states that 48 per cent of the attacks carried out in 2022 were targeted at businesses operating in the financial sector, an increase of two per cent compared to 2021.
The report also found that there is an increase in cybercriminals posing as multi-factor authentication vendors, with the most common phishing links being compromised websites (52 per cent), newly registered domains (39 per cent) and subdomain cybersquatting (9 per cent). Microsoft continued to be the most spoofed URL tracked in 2022, with Spotify in second place.
The risk of insider attacks is also increasing, with them taking 85 days on average to contain in 2022, compared to 77 days the previous year.
The report also highlighted ways that businesses and employees can protect themselves against email attacks. Organisations should encourage individuals to think twice before opening a push notification as many cybercriminals are posing as cybersecurity vendors. They should also raise awareness around job-related spam as the number of remote jobs and online meetings and interviews rise.
Organisations should also be wary of as-a-service models as they are becoming an easy entryway for cybercriminals to attack server message blocks directly.
“It takes international resources, experienced analysis, and enterprise-level technology that only an experienced email security provider can offer to create a report like this,” said Usman Choudhary, chief product and technology officer at VIPRE. “We know the experience we have in this space is unique, and the small and medium enterprise community might not get this type of information elsewhere, at least not on the scale or with the scope that we can offer it and we’re pleased to make this valuable resource available.”
Read the full report on VIPRE’s website.