Email Security Buyer's Guide
Email: The Leading Attack Vector for Cyber Attacks
Cybercriminals are turning to email more than ever to deliver threat-centric content, using it
to introduce malware into corporate systems, steal data, and extort money. With the growing
adoption of cloud mailbox services like Office 365, blended attacks can target an organization
from more than one side.
Although a variety of attack types continue to wage war on business email, three categories
of attack are now causing the greatest concern.
• Ransomware. A particular kind of malware that blocks a target company's access to its own
data, ransomware caused losses of US$1 billion in 2016 (csoonline.com).
• Business email compromise (BEC). A real moneymaker for cybercriminals and an even bigger
threat than ransomware, BEC persuades high-value targets to send funds or sensitive information
to malicious individuals. According to the Internet Crime Complaint Center (IC3), US$5.3 billion
was stolen due to BEC fraud between October 2013 and December 2016 (ic3.gov).
• Phishing continues to be an effective attack method with clever social engineering and
targeted spear phishing that dupes users into activating their campaigns and eventually
compromising entire organizations. During the second quarter of 2017, 67 percent of the
malware hitting organizations was delivered via phishing attacks (nttcomsecurity.com).
With email security, cybercriminals can weaponize three areas of the message.
• The body of the email
• Attachments
• URLs within the email
© 2017 Cisco and/or its affiliates. All rights reserved. 09/17
1 Cisco 2017 Midyear Cybersecurity Report, Cisco (2017). https://www.cisco.com/c/m/en_au/products/security/offers/cybersecurity-reports.html
2 Korolov, Maria. "Ransomware Took In $1 Billion in 2016—Improved Defenses May Not Be Enough to Stem the Tide," CSOonline.com (January 5, 2017).
https://www.csoonline.com/article/3154714/security/ransomware-took-in-1-billion-in-2016-improved-defenses-may-not-be-enough-to-stem-the-tide.html
3 "Business E-Mail Compromise, E-Mail Account Compromise: The 5 Billion Dollar Scam," Internet Crime Complaint Center (IC3) and the Federal Bureau
of Investigation (May 4, 2017). https://www.ic3.gov/media/2017/170504.aspx
4 GTIC 2017 Q2 Threat Intelligence Report, NTT Security (August 8, 2017). https://www.nttcomsecurity.com/en/gtic-2017-q2-threat-intelligence-report/
US $1 Billion loss
from ransomware
2
US $5.3 Billion:
the cost of compromised
business email
3
67% of malware
delivered via phishing
4
