Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.
Over the last several years, the cybercriminal economy has undergone a sea change in maturity and sophistication. And it’s not going to slow down any time soon. Looking at the numbers:
As a consequence, cyber insurance premiums are now in record territory, witnessing 75% to 100% increases over the past 12 months – with some of the leading insurers now excluding coverage for nation-state cyber attacks.
The bottom line: the threat paradigm has evolved, and ransomware is the biggest challenge security leaders face.
The increasing sophistication of ransomware attacks (both in target acquisition and attack execution) points to a new level of maturity. Cybercriminals are displaying a level of sophistication akin to organized criminal groups. What compounds the challenge is that a sizable share of these organized criminal groups have nation-state backing.
Recent trends point to increasing commercialization of offerings available on the dark web, with Ransomware-as-a-Service (RaaS) available for as little as $40 per month. Russian-linked cybercrime groups REvil and DarkSide have been particularly active on the RaaS front – with REvil being taken offline twice by law enforcement in 2021.
Cybercriminals generally fall into two categories:
All threat actors deserve attention, but the APT actors and their association with ransomware attacks are of particular concern. APTs pose the greatest threat to companies and countries alike due to their advanced capabilities and the degree of state sanction with which they operate. Industries like manufacturing, financial services, healthcare, and critical infrastructure, as well as countries around the world, continue to be targeted.
APTs are often driven by a mandate of either financial gain or intellectual property and data theft, which can include industrial or state espionage – evident in the recent Chinese-linked APT data harvesting campaigns. Additional motivations can include nation-state sabotage, either accidental, as we saw in the Colonial Pipeline hack, or orchestrated, such as the Russian-linked critical infrastructure destabilization campaigns in Ukraine.
The actions of ransomware campaigns can have devastating financial and other consequences including:
One particular threat vector of concern is the targeting of employees via email through advanced and persistent social engineering campaigns, often driven by APT actors. And legacy email security solutions built for the on-premise world of email exchange servers, and relying on manual, static and rule-based security methodologies, offer rudimentary protection at best.
This helps explain why email continues to be the number one threat vector. With the average organization experiencing a click-through rate of 30% on simulated phishing exercises, it’s no surprise that 96% of phishing attempts are delivered via email. The odds are certainly in the bad actors’ favor.
This explains why phishing via email remains the number one delivery mechanism for ransomware – accounting for 54% of successful attacks.
The types of phishing attacks that are most devastating center on advanced spear phishing and business email compromise (BEC). Targeted at senior personnel in an organization, these attacks deploy a range of impersonation methods – also referred to as whaling or C-suite impersonation attacks.
Senior personnel are targeted due to the significant administrative privileges these email accounts carry. Once an attacker has successfully compromised an employee’s email account, the mean time for deploying the ransomware and demanding a ransom ranges from 12 to 76 hours. For small companies, the incident usually plays out over 2 to 4 days; for larger enterprises, this can take several weeks.
The fallibility of employees to phishing attacks, combined with legacy email security solutions built for an on-premise world, goes some way toward explaining why damages associated with cyber attacks are expected to increase exponentially in the coming months, especially with hybrid working here to stay.
The dramatic shift to a hybrid and remote operating model as a result of the pandemic has proved a boon for cybercriminals, with ransomware attacks being particularly rewarding. Even the “average” person is worried about cybercrime, with Americans saying it’s the crime they’re most worried about in 2021.
Security leaders are, too, with 69% saying they think ransomware attacks will be a greater concern in a hybrid workplace.
Enterprises with significant on-premise footprints and associated legacy IT infrastructure have been particularly vulnerable to cyber attacks. Attack surface risk increased exponentially overnight, with employees logging into corporate networks from poorly secured home networks, and often on personal devices. The telemetry that on-premise cybersecurity tools provided was, and has been, severely curtailed. These legacy tools were built for a world of securing networks, endpoints and devices.
The pandemic set new parameters of where cyber risk could manifest and revealed a need for a new approach to cybersecurity – an approach that addresses cyber risk as it manifests, in real-time, regardless of network, endpoint or device.
It is for these reasons that 75% of cybersecurity leaders believe legacy email security approaches and tools are no longer adequate for the current threatscape. This is also why 58% of cybersecurity leaders are investing in behavioral intelligence enabled email security solutions. Only by securing an organization’s most important asset – its employees – will the risk of a cyber attack, including ransomware, be mitigated.
Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.
Key features include: