Going Beyond Built-in Security: Email Threats in 2020

March 31, 2021 TH Author Trend Micro CISO : Digital Transformation, Trend Micro CISO : Expert Perspective, Trend Micro CISO : Report, Trend Micro CISO : Risk Management

Major Email Phishing Stats & Examples from 2020

Risk Management

Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2020.

By: Trend Micro March 31, 2021 Read time: ( words)

As troves of workers moved to work-from-home (WFH) set ups, more emails were sent than ever—306.4 billion of them per day to be precise. Trend Micro™ Cloud App Security discovered 16.7 million high-risk email threats in addition to those detected by built-in Microsoft 365 and Google Workspace security. This annual report discusses why you need to go beyond native security to properly protect your organization.

With an influx of remote workers due to the pandemic, gaps in cloud security were exploited. Cybercriminals not only leveraged blind spots in email services’ built-in security, but they also took advantage of the fear surrounding the pandemic—in the first five months of 2020, 92% of all cyberthreats were spam or phishing emails.

Unfortunately, built-in security for popular email services, like Microsoft 365 and Google Workspace, is simply not enough to stop malicious emails from infiltrating enterprises. In 2020 alone, Cloud App Security detected and blocked more than 16.7 million high-risk email threats in addition to those discovered by email services’ built-in security—a notable 32% increase from the previous year. Illustrating this clearly, in a single organization with 10,000 Microsoft 365 users, Cloud App Security discovered over 755,000 high-risk email threats missed by the built-in security. That’s 75 high-risk emails per user that slipped through Microsoft’s native scanning.

Malware and phishing threats are on the rise.

While remote workers traded business casual for sweats, credential phishing attacks increased in sophistication and increased by 14%.

Email services like Microsoft 365 were routinely targeted; Cloud App Security service detected and blocked more than 314,000 credential phishing attacks from one organization with 10,000 Microsoft 365 users.

BEC: Less doesn’t mean better.

Although business email compromise (BEC) attempts declined by 18%, they still proved to be costly for enterprises. A report from the Anti-Phishing Working Group (APWG) noted that losses associated with BEC continued to rise, from US$54,000 to US$80,183 across 2020. Notable BEC victims include Puerto Rico’s government, which cost them $4.2 million over two months.

Complex attacks = complex solution? Think again.

Cybersecurity leaders should use a multilayered security solution that supplements the built-in security features in email platforms like Microsoft 365 and Google Workspace. SaasS-based solutions like Cloud App Security are easy to setup, and use sophisticated techniques like machine learning (ML) and extended detection and response (XDR) capabilities to better protect your enterprise from threats.

Learn more about the facts and figures of email threats for 2020 as well as mitigation strategies in our annual report.

You May Also Like

Managing Cyber Risk for Under-Pressure CISOs

What Is Zero Trust and Why Does It Matter?

Deliver ISO Compliance with Automation