No business can exist without communication through emails. But this makes malware developers very happy since they have an ever-expanding canvas to plant their malicious content and hijack machines and complete networks even.
In a new report from cybersecurity firm FireEye, researchers have observed a key observation that around 1 percent of all emails exchanged across the world have been found to carry malicious contents.
The figure given by them in the report is one in every 101 emails. They took a whopping half-a-billion emails to study and came out with this finding. Their report had some additional information too which is worth learning about.
Some Interesting Statistics
While mere numbers don’t necessarily convey anything specific, one must understand the magnitude of an issue through the figures and percentages that emerge from such research.
While this figure of one out of every 101 emails might not sound so alarming, when you look at the absolute figure, which is close to 5 million phishing mails in just half a year, would send shivers down anyone’s spine.
And this is more or less corroborated by the other statistic which says over 90 to 92 percent of all cyberattacks reported have been using malicious content in emails.
And when it comes to businesses being targeted for phishing attacks, over 75 percent claim their organizations have been targeted at least once in the past year (2017) and they were all via phishing attacks.
More than half the amount of emails delivered to any individual are spam emails.
Hackers Always a Couple of Steps Ahead
What has baffled the cybersecurity experts over time is that the attackers come up with new methods of forcing their way through the firewalls and anti-malware programs being run on the computer networks.
One such important fact that has emerged is that there are malware-less phishing email attacks.
CEO fraud is one such category that is being reported with increasing frequency. It requires not only the cybersecurity experts to remain vigilant to such unforeseen trends but the whole chain of stakeholders need to be alert to thwart any threat to the security of the systems they use. This includes the network administrator or the systems engineer entrusted with the onus of protecting the integrity of the systems, the hundreds and thousands of employees at different operational levels who use the computers and so on.
As the experts point out, it requires just one email with malicious content to jeopardize a complete network comprising hundreds of systems. One employee opening a phishing email is enough for this to happen.
More Facts Revealed About the Trends Observed
It might sound odd or funny even to go through the observations that the team at FireEye found when analyzing the half-a-billion emails of the six-month study period.
One such observation says the attacks appear to happen on Mondays and Wednesdays more than any other days of the week.
That is where the emails have been found to be carrying malware. When it comes to phishing attacks with malware-less mails, these appear to be happening on Thursdays.
If it is a kind of impersonation attack, then the possible day of the week for such attacks is Friday.
The weekends are not spared either. In earlier studies it had been reported that attackers choose weekends, since the attack goes undetected until Monday and they can carryout their mischief before then.
Experts Stress on Education
The next obvious question would be how organizations can escape cyberattacks, particularly through phishing emails.
The most frequently offered advice by the experts in the field is to educate and keep educating employees on security threats.
As mentioned above, one employee’s mistake can be the cause of massive damage to the organization. The remedy is to hold orientation sessions.
The employees need to be taken out of their comfort zones and put through compulsory training on how to handle their emails and be committed to ensuring they don’t fail.
One of the important lessons given is not to open any email that has been sent from unknown sources.
Having a fail-safe anti-malware program installed is just one part of the solution. Alertness and commitment to cybersecurity are critical at all levels of the hierarchy.