Top 3 Email Security Threats to Watch in 2022

Cybersecurity
Written By Callie Sierra
 
 

WIRED just released its Worst Hacks of 2021 list, which is far less positive and exciting than other lists and awards, like the Hasty Pudding Woman of the Year award. From the WIRED list, we see that 2021 was “open season for attackers around the world”, from aggressive ransomware gangs to supply chain attacks. Disturbingly, there’s no sign of abatement in 2022. As we head into the new year, email continues to be the single most significant threat vector for nefarious attackers. In this post, we highlight some of the top email security threats you’ll face this year, including some tips to protect your inbox and your organisation.

Phishing Remains a Top Threat

According to Proofpoint’s 2021 State of the Phish report, a staggering 75% of organisations experienced a broad-based phishing attack, both successful and unsuccessful, and this figure is expected to grow in 2022. 

Phishing attacks are not a new phenomenon; what makes them particularly alarming in the year ahead is the increased sophistication with which cybercriminals are flawlessly impersonating major companies, vendors, even your colleague down the hall! Wide-net approaches (in which multiple recipients are sent the same email) remain the top form of phishing, but we also see highly targeted spear phishing, whaling, and business email compromise attacks, which carry a level of elegance that makes these attempts difficult to spot and block.

During the first six months of the pandemic, we saw a 73% rise in email phishing attacks in the UK and COVID-related attacks continue to be a problem in 2022. In one recent attack, hackers sent out emails with the subject line, “Get Your Free Omicron PCR test—Apply now to avoid restrictions” in an attempt to trick people into giving up personal information. In another case, attackers suggested via email that individuals had been in contact with an infected person, which led people to click on illegitimate links and provide personal data. 

To best protect your organisation from these relentless and sophisticated phishing attacks, block access to malicious, hacked, or inappropriate websites using web filtering.

BEC and Impersonation Attacks Are Costly

Brand impersonation and business email compromise (BEC) remain a major threat to businesses of all sizes. In a BEC attack, a hacker uses email to trick employees into transferring funds into illegitimate accounts. Often, these attacks target accounts payable departments, and the emails appear to be from a trusted source, like a supplier or senior executive. It’s exactly because of this highly targeted nature that makes BEC and impersonation attacks so successful. 

The Verizon Data Breach Investigations Report 2021 shows a rapid rise of brand impersonation attacks (called misrepresentation) that is 15 times higher than it was 2020! Another report suggests that 35% of organisations said BEC accounted for half of all security incidents they experienced. BEC attacks also result in the greatest expense to victims; losses due to BEC approach $2B per year and are only increasing. 

Protect yourself from targeted BEC and impersonation attacks with an email gateway that protects against impersonation attacks—such as BEC, CEO fraud, and whaling—and adopt standard authentication protocols such as SPF, DKIM, and DMARC that can actively stop domain spoofing.

Ransomware-as-a-Service will Flourish in 2022

If WIRED’s Worst Hacks of 2021 list shows anything, it’s that ransomware continues to be a significant threat in 2022, especially as the focus of cybercriminals shifts heavily to small and medium-sized businesses (SMBs). In addition, ransomware-as-a-service (RaaS) has become a booming business. RaaS is an established industry in which malware creations are sold to hackers via lease or subscription. This makes it easier for more attackers to unleash more ransomware attacks; it also makes it more difficult to track down the original provider or operator or such attacks. This devastating model will, unfortunately, flourish in the year ahead. One source suggests that the ransomware of 2022 will be more sporadic, dangerous, and carry a higher cost

On top of this ominous forecast, we still have many people working from home or remote offices amidst the pandemic. With many users performing tasks while remotely logged into their office network, the need for vigilance, as well as the need for adequate protection against such attacks, has never been greater. 

Email is one of the main ways ransomware makes its way into your businesses. To best protect your organisation, it's crucial to have the right email security gateway in place to avoid email-borne ransomware. 


We know this isn’t the most positive year-ahead post, but it’s an important one. To help protect your business from these very real threats, Optec has teamed up with Libraesva to offer an integrated email gateway security solution for cloud-based platforms. With proactive planning and the right partnership, you can put in place the protections you need to stop the damaging attacks we expect to see in the year ahead.

Please download our fact sheet or get in touch to learn more.  

Related posts

Blog
Modernising Microsoft 365 Data Protection
Cybersecurity
Modernising Microsoft 365 Data Protection
Cybersecurity

Discover how to modernise your Microsoft 365 security protection to keep your data secure.

Read More →
Cybersecurity
3 Reasons to Move to Cloud Security-as-a-Service
Cybersecurity
3 Reasons to Move to Cloud Security-as-a-Service
Cybersecurity

Discover why organisations are making the shift to buying cloud security on an as-you-go basis.

Read More →
Cybersecurity
Top 3 Email Security Threats to Watch in 2022
Cybersecurity
Top 3 Email Security Threats to Watch in 2022
Cybersecurity

Some of the top email security threats you’ll face this year, including some tips to protect your inbox and your organisation.

Read More →
Cybersecurity
Endpoint Security for the Work-from-Anywhere Workplace
Cybersecurity
Endpoint Security for the Work-from-Anywhere Workplace
Cybersecurity

As more people work from home and other remote locations, protecting your organisation’s endpoints should be a top priority.

Read More →
Cybersecurity
Four Tips to Secure the Hybrid Workplace of the Future
Cybersecurity
Four Tips to Secure the Hybrid Workplace of the Future
Cybersecurity

As more businesses move towards a hybrid workforce, we look at 4 key considerations to keep your company and employees secure.

Read More →
Cybersecurity
4 Steps to Building Cyber Resilience for your SMB
Cybersecurity
4 Steps to Building Cyber Resilience for your SMB
Cybersecurity

As we usher in the new year ahead, we urge you to follow through on one key resolution: to build a robust plan toward greater cyber resiliency.

Read More →
Cybersecurity
Callie Sierra
Previous

3 Reasons to Move to Cloud Security-as-a-Service
Next

Bringing Enhanced Agility and Security to Swansea Council