
Email is the #1 Threat Vector. Here’s Why.

  • 11 March 2021

Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.

Billions of people use email every day — it’s the backbone of online collaboration, administration, and customer service.

But businesses lose billions to email-based cyberattacks every year. Workers use email to exfiltrate sensitive company data. And simple human errors, like sending an email to the wrong person, can be highly problematic.

The bottom line: for all its benefits, email communication is risky and, according to research, it’s the threat vector security leaders are most concerned about protecting. 

This article will look at the main threats associated with using email — and consider what you can do to mitigate them.

The scope of the problem

Before we look at some of the risks of email communication, let’s consider the scope of the problem. After all, around 4 billion people worldwide use email regularly. 

  • 2020 estimates showed that people send and receive around 306.4 billion emails per day — up 4% from 2019.
  • The Digital Marketing Association suggests that 90% of people check their email at least once per day. 
  • Adobe data shows that email is the preferred contact method for marketing communications — by a long shot.

So, with alternative platforms like Slack and Teams rising in popularity, why does email remain the world’s main artery of communication? Email is platform-independent, simple, and accessible. No company would consider cutting email out of its communication channels.

But for every “pro” involved in using email, there’s a “con.” If you’re relying on email communication, you need to mitigate the risks.

Security risks involved in using email 

A major risk of email communication is security. Because it’s so flexible and easy to use, email carries a unique set of security risks.

Phishing attacks 

Phishing is a type of online “social engineering” attack. The attacker impersonates somebody that their target is likely to trust and manipulates them into providing sensitive information, transferring money, or revealing login credentials.

Around 90% of phishing occurs via email. Here are the main types:

  • Spear phishing: The attacker targets a specific individual (instead of sending bulk phishing emails indiscriminately).
  • Whaling: The attacker targets a CEO or other executive-level employee.
  • Business Email Compromise (BEC): A phishing attack in which the attacker appears to be using a legitimate corporate email address.
  • CEO fraud: The attacker impersonates a company’s CEO and targets a junior employee.
  • Wire transfer phishing: The attacker persuades a company employee to transfer money to a fraudulent bank account.
  • Credential phishing: The attacker steals login details, such as usernames or passwords.

While today, most people are attuned to the problem of phishing, the problem is only getting worse. Don’t believe us? Check out these 50+ must-know phishing statistics.

That means phishing protection is an essential part of using email.

Insider threats

As well as inbound email threats, like phishing, you must also consider the threats that can arise from inside your business.

Tessian survey data suggests that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving their job. The most competitive industries — like tech, management consultancy, and finance — see the highest rates of this phenomenon. 

Email is a quick and convenient way to send large amounts of data to external contacts — and can be a pipeline for disgruntled or corrupt employees to siphon off company assets.

If you want to learn more about insider threats, including real-world examples, check out these articles:

  1. What is an Insider Threat?
  2. Insider Threat Types and Real-World Examples
  3. Insider Threat Statistic You Should Know
  4. Insider Threat Indicators: 11 Ways to Recognize an Insider Threat

Remote working

Phishing is a booming criminal industry — and there’s evidence that the new patterns of remote working are making phishing more common than ever.

Tessian research shows that 65% of US and UK employees received a phishing email when working remotely in 2020 due to the COVID-19 pandemic, and 82% of IT leaders think their company is at greater risk of phishing attacks when employees are working from home.

If your company operates a hybrid or remote working model, email security is even more crucial.

Human error on email

Innocent mistakes can be just as harmful as cyberattacks. In fact, 88% of data breaches are caused by human error.

Misdirected emails

Research shows that most people have sent at least one email to the wrong person, with nearly one-fifth admitting to sending an email to someone outside of their organization.

Our platform data also shows that there are, on average, 800 misdirected emails per year in companies with more than 1000 employees. That’s two a day.

Sending an email to the wrong recipient is so common, you might not think it’s a big deal. But data from the UK’s Information Commissioner’s Office (ICO) consistently shows that misdirected emails are the number one cause of reportable data breaches.

Misspelling, autocorrect, reply-all — these are all reasons you might send an email to the wrong recipient. It’s a serious risk of email communication — but you can prevent it.

Misattached files

Along with misdirected emails, “misattached files” are a major cause of data loss. New data shows some very worrying trends related to people sending emails with incorrect attachments.

First, here’s what’s inside the documents people are sending in error:

  • 42% contained company research or data 
  • 39% contained security information, such as login credentials 
  • 38% contained financial information and client information 
  • 36% contained employee data

The survey also shows that, as a result of sending misattached files, one-third lost a customer or client and 31% faced legal action.

Email communication: how to mitigate the risks

The risks we’ve described all depend on human vulnerabilities. Cyberattackers prey on people’s trust and deference to authority — and anyone can make a mistake when sending an email.

That’s why email security is a must. Looking for help choosing a solution? We’ve put together this handy guide: 9 Questions That Will Help You Choose the Right Email Security Solution.

If you want more tips, how-to guides, and checklists related to email security specifically and cybersecurity more broadly, sign up for our newsletter!

While you’re here…

Tessian software mitigates all types of risks associated with email communication:

  • Tessian Defender: Automatically prevents spear phishing, account takeover, business email compromise, and other targeted email attacks.
  • Tessian Enforcer: Automatically prevents data exfiltration over email.
  • Tessian Guardian: Automatically prevents accidental data loss caused by misdirected emails and misattached files.