The COVID-19 pandemic accelerated the rise of digital organizations as more people shifted to remote work. Suddenly, people were forced to work, study, and shop from home. But while digital offerings were safer for our health, the increase in online activity also brought on the proliferation of threats to email security.
According to CGI, their Security Operations Centres have experienced a surge of around 30000% increase in threats, including emails pretending to come from trusted organizations such as the World Health Organization and the U.S. Center for Disease Control and Prevention.
Already in the first quarter of 2021, despite good hopes of leaving the COVID-19 behind in the "near" future, cyber attackers continue to use the pandemic to their advantage and threaten email security. With that in mind, here are the top 5 trends in email security to look out for in 2021:
The continuing evolution of phishing attacks
From committing fraud to distributing malware to stealing credentials, phishing scams have become increasingly more sophisticated. The rise in remote working caused by the pandemic made email users more susceptible to fraud as more looked to their communications and connections to stay updated on COVID-19 news. In just a few short months since the start of the quarantine, there was already a reported 350% rise in phishing attacks. As we enter 2021, attackers are likely to persist and find new ways to exploit vulnerabilities as the world anticipates news on the vaccine and ways to navigate the “new normal.”
The rise of CEO fraud
By impersonating the CEO or other high-level executives of an organization, attackers are able to trick the recipient into revealing sensitive information. They could get the finance department to transfer money or the HR to send confidential information. This type of spear-phishing email attack is also known as Business Email Compromise (BEC) or whaling.
In 2019, BEC scams accounted for half of the total losses caused by cybercrime. And in 2020, the FBI has warned businesses that COVID-19 related BEC scams are a growing threat, with attacks being reported not just in the U.S. but also in over 150 countries.
More cybersecurity awareness training to catch phishing scams
The amount of cyber-security training conducted by companies may simply not be enough. According to a 2020 Phishing Report, 76% of organizations conduct cybersecurity awareness training; however, training may only occur quarterly or once a year. Because attackers continue to evolve, employees and even remote learners should be retrained and retested more regularly to ensure they can correctly identify phishing emails and be aware of any new advanced threats.
Growing cybersecurity budgets for 2021
With COVID-19 and the cybersecurity threats it comes with still very much an issue as we enter the new year, organizations planning for business continuity have recognized the need to readjust their IT spending. While overall budgets will shrink, industries like the financial sector forecast an increase in technology spending, with 64% of the executives surveyed by Deloitte & Touche LLP expecting cybersecurity budget increases.
Remote workers become a growing target
With more employees working remotely, attackers hope more employees will change their behavior, particularly when it comes to cybersecurity. Organizations need to support their remote workforce and devices by training them to protect themselves from threats and expose sensitive company information. Ensure your workforce is utilizing multi-factor authentication and complex passwords. However, enforcing a strict email security strategy is just a start. To detect and avoid the latest and most advanced cyber threats, you need an advanced email security ecosystem.
For a robust email security solution with a high operationalisation level that will protect you in 2021 and beyond, contact us.