Check Point Software: 90% of company attacks start with a phishing email

Email is one of the main technological innovations that has revolutionised the way we understand the world, as well as reconfigured the business model. Since its invention in 1965, the evolution of this means of communication has been groundbreaking, and according to data from Statista, there were already more than 4.260 billion users who used email in 2022, and the number of emails sent on that same date amounted to 330 billion, with a growth forecast of 17.8% by 2026. However, the high use of this technology has also made it one of the most vulnerable: according to Techopedia, more than 3.4 billion phishing emails occur daily, with these attacks being responsible for 90% of data breaches.

On the occasion of National Email Day, Check Point Software Technologies Ltd. is sharing the evolution of email, to see how it has developed to become one of the main communication tools, and in turn, a central point of attack by cybercriminals. According to Check Point Software, currently, more than 90% of attacks on companies originate from malicious emails. In the last thirty days, 62% of malicious files were distributed via email, and it has been shown that one in 379 emails contains this type of file, with the PDF format being the most common, with a frequency percentage of 59%.

Check Point Software also reveals how phishing is predominant in different regions: in India, an organisation has been attacked on average 2444 times per week in the last 6 months, compared to 1151 attacks per organisation globally. Apart from that, EXE is the top malicious file type by email, with 57%

The evolution from the first Email

Email was invented in 1965 by a group of researchers from the Massachusetts Institute of Technology (MIT). It was the first electronic messaging system for internal use, although at that time it differed greatly from what is known today. In 1971, Ray Tomlinson invented the email system with an infrastructure similar to today’s: it was a personal digital mailbox where you could receive messages.

Email began to be used as a method for conducting business starting in 1978, when the first email marketing campaign was launched by Gary Thuerk. However, email was restricted to business use until the late 1980s. Microsoft Mail was the first program launched for users, which also incorporated the option to add attachments in 1992. From that moment, other electronic mailbox options began to emerge: Microsoft Outlook in 1993, Hotmail in 1996, Yahoo Mail, and Gmail.

Email has been one of the most frequent formulas for distributing malware, with attacks as significant as Creeper or Happy99, causing corporate disasters like WannaCry (3.800 million euros) or MyDoom (34.000 million euros). Phishing attacks are one of the most commonly used formulas for distributing malware and ransomware. This kind of cyber threat started in 1996 when the term was first used by America Online (AOL). Cybercriminals created random credit card numbers and opened new accounts on AOL, posing as employees of the service itself to steal users’ credentials. Later, in the 2000s, the concept of ‘Spray and Pray’ emerged, a phishing campaign in which a well-known brand was impersonated to scam potential customers to steal their credentials.

This cyber threat has evolved by employing sophisticated techniques such as identity spoofing and putting Artificial Intelligence and DeepFake technology at their service. Spoofing is a technique where the use of AI is fundamental: the attacker falsifies the email address to impersonate another person or organisation with the main goal of deceiving the recipient into believing that the email is coming from a legitimate source. Ransomware attacks very often use this kind of method to encrypt the victim’s files or lock the entire system until the ransom is paid. According to Check Point Software, 10% of companies worldwide have experienced ransomware attacks, representing a 33% increase compared to the previous year.

The reach of phishing attacks is unlimited and mainly affects large companies: according to Check Point Research (Brand Phishing Report Q1 2024) on phishing attacks, Microsoft was the most targeted (38% of phishing attacks worldwide), followed by Google and LinkedIn. This type of threat can lead to large-scale data leaks, as happened recently with the well-known case “Mother of all Breaches” this January 2024, a supermassive leak of more than 26 billion records that contains LinkedIn, Twitter, Tencent, and other platforms’ user data.

Email Security with Check Point Software

Implementing best email security practices is an essential factor to protect user data and the reputation and integrity of businesses. For this, it is essential to follow a series of guidelines based on awareness, prevention, and protection:

-Awareness and user training: users must be aware of the threats they face and receive regular training to recognise and know how to respond to cyberattacks.
-Use of strong passwords
-Employment of multifactor authentication
-Updates and patches: keeping email software and device operating systems up to date with the latest security patches to stay protected against potential vulnerabilities.

-Spam filtering
-Use of encryption to protect the privacy and confidentiality of emails.
-Implementing Data Loss Prevention (DLP) and employing secure browsing solutions.

Check Point Software offers comprehensive email protection with Harmony Email & Collaboration, with a focus on AI and ML-driven prevention, equipped to stop the most sophisticated and evasive attacks, as well as complete protection against malware and ensuring that all confidential company information is kept safe. This technology has been recognised as the most effective in protecting email and communications by the Omdia Universe Email Security 2024 report, with a success rate of 99.8%.

“Email is currently one of the most effective tools for companies and although the advantages it offers are numerous. Nevertheless, it is necessary to always stay alert against cyber-attack attempts leveraging emails, from ransomware attacks to cunning phishing schemes and scams. The integration of AI technologies into these threats has only heightened the urgency for robust defenses in the organisation and at home. We must prioritise the implementation of robust email security solutions, comprehensive user education, and maintaining a culture of vigilance to stay ahead of such threats. This is an indispensable requirement for any organisation to maintain the safety and integrity of their operations.” explains Sundar Balasubramanian, India and SAARC MD, Check Point Software Technologies at Check Point Software.

AItechnology
Comments (0)
Add Comment