D espite being around for decades , email has hardly changed since its inception . Aside from the move from on-prem to cloud , the average business in 2024 is likely using email broadly the same way as when it first started , and it continues to be the top digital communications tool across all industries .
However , email ’ s ubiquity also means it remains a top target for cybercriminals . Not only is it the broadest and easiest way to target employees , but it ’ s also inherently trusted , which makes it the perfect channel for delivering social engineering attacks .
Mike Britton , CISO at Abnormal Security
Our research found that the volume of phishing attacks targeting organisations in the US increased by 112.4 % over the last year , with a 91.5 % increase for European enterprises .
But it ’ s no longer just traditional phishing attacks that are on the rise . The increasing adoption of cloud-based services , SaaS applications and other emerging technologies like Generative AI have further complicated the email landscape , introducing a variety of new and sophisticated email attack tactics .
Email technology has weathered countless changes yet remains a cornerstone of communication . However , its widespread use and inherent reliability make it an attractive target for cybercriminals , driving them to devise new and sophisticated attacks . Mike Britton , CISO at Abnormal Security , analyses the landscape of current threats and how CISOs can prepare for the next wave .
Email isn ’ t going away anytime soon and if it remains a central element of business communication , it will be essential to keep track of shifting attack trends .
How email attacks are evolving
Cybercriminals are constantly changing their attack methods to evade detection and will often exploit legitimate technologies to disguise their activity .
For example , we have recently seen a substantial rise in file-sharing phishing attacks , whereby threat actors use popular file-hosting or e-signature solutions – like Dropbox or Docusign – as a disguise to manipulate their targets into revealing private information or downloading malware .
The consumerisation of SaaS has been an asset to the criminal world , where attackers can exploit free trials and freemium models to launch these kinds of attacks without exposing their true identities .
The increased accessibility of AI is another factor which complicates the threat landscape .
Email isn ’ t going away anytime soon and if it remains a central element of business communication , it will be essential to keep track of shifting attack trends .
WWW . INTELLIGENTCISO . COM 37