Risks of Spear Phishing to Enterprises

Spear Phishing attacks are on the rise, and they’re more sophisticated than ever.
Why? Because they’re extremely profitable for perpetrators.

The FBI estimates that Business Email Compromise (BEC), which almost always begins with a spear phishing email, cost businesses more than $12 billion between December 2016 and May 2018. Spear phishing harms your enterprise by exploiting employees' trust in their colleagues, partners, and customers, and a successful attack is costly with serious business impacts.

What are the risks of Spear Phishing to a business?

  • Significant loss of funds due to wire-transfer fraud (BEC)
  • Malicious intrusion by hackers into business-critical systems
  • Significant damage to IT infrastructure due to malware or stolen credentials
  • Widespread loss of sensitive customer data
  • Widespread loss of company intellectual property
  • Reputation damage and regulatory penalties

The Evolution of Spear Phishing

281 billion emails are sent every single day, as reported by Radicati.

Since its introduction in the 1970s, email has become the main artery of communication for the enterprise.

Enterprise email networks have significant cybersecurity vulnerabilities:

  • Email networks are open gateways
  • Email networks have human nodes
  • Email networks are dynamic in nature

This exploitation began with spam in 1978. Spam is an inbound email threat that is bulk in nature, i.e. the same message is sent to large numbers, sometimes millions, of recipients with minimal personalisation. Those properties (high volume, identical content, reuse of the same sending infrastructure) make it relatively easy to defend against with reputation and content filtering, and almost every email provider or legacy Secure Email Gateway now includes spam filtering as a standard part of its feature set.

As enterprises got better at defending against spam, perpetrators got better at duping their targets, and a new era of inbound email threats was born: phishing. Phishing emails typically harvest credentials by mimicking the identity of a trusted website or service (e.g. Facebook or Gmail). Because the lure is generic and reused across many recipients, phishing is, like spam, relatively easy to filter, and most email platforms and legacy Secure Email Gateways include anti-phishing filters.

To outmanoeuvre these filters, perpetrators have developed more sophisticated tactics to reach their targets. As a result, there has been a dramatic increase in a new type of inbound email threat: spear phishing.

Unlike spam and phishing, spear phishing is highly targeted at a specific individual within an enterprise and will often impersonate the identity of a trusted third party in order to trick the target into taking some form of action, e.g. paying an invoice, sending data or downloading malware. Such emails are sent in very low volume and frequently contain no attachment or link at all, so signature- and reputation-based filters have little to match on. This makes spear phishing much more difficult to prevent from a technological perspective, and attackers consequently enjoy a higher success rate.

Why are Spear Phishing attacks getting worse?

95% of all attacks on enterprise networks are the result of successful spear phishing.

—  According to Alan Paller, director of research at the SANS Institute

Human error and rule-based filtering are your primary risk factors. Employees are the target of spoofing and impersonation, and the malicious emails that carry these attacks continue to bypass most email platforms and legacy Secure Email Gateways. Increasingly sophisticated CEO fraud and brand-spoofing campaigns circumvent legacy spam filters, firewalls and gateways with ease.

Due to human nature, unaware or preoccupied users (even those actively enrolled in an awareness training programme) are easily lured into downloading an attachment or clicking a malicious link, inadvertently giving attackers access to sensitive corporate networks and data.

93% of respondents agree that humans and technology need to work side-by-side

—  According to Alan Paller, director of research at the SANS Institute

Because of the rise in spear phishing, email providers and legacy Secure Email Gateway platforms have attempted to build in rule-based controls that detect basic patterns which highlight an impersonation attempt: a display name that matches an executive but an address that does not, a sender domain one character away from a trusted one, or a Reply-To that points somewhere other than the visible sender.

However, there is a wide spectrum of spear phishing impersonation techniques, and rule-based controls are inadequate against the more sophisticated ones. A message sent from a genuine but compromised partner or colleague account, for example, exhibits none of those patterns and passes every such rule.
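The following is an added example, not Tessian's code or a description of the Parallax Engine: it implements three of the header pattern rules described above (display-name spoofing, lookalike sender domains, Reply-To mismatch) over a handful of constructed messages, and includes one message, sent from a genuine partner address, that none of the rules flags. All names, addresses, domains and the VIP directory are invented for the example.

```python
"""Rule-based impersonation checks over a few constructed email headers.

Added illustration of the pattern rules a Secure Email Gateway applies; it is
not code from the original page or from any vendor. All organisation context,
addresses and domains below are assumptions made up for the example.
"""
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation context (constructed).
INTERNAL_DOMAINS = {"example.com"}
PARTNER_DOMAINS = {"acme-supplies.com"}
# Display names worth protecting, mapped to the only address each may use.
VIP_DIRECTORY = {"jane doe": "jane.doe@example.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (used to spot one-character domain swaps)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain `domain` imitates, or None if it is exact or unrelated."""
    trusted_domains = INTERNAL_DOMAINS | PARTNER_DOMAINS
    if domain in trusted_domains:
        return None
    for trusted in trusted_domains:
        if levenshtein(domain, trusted) <= 1:
            return trusted
    return None


def impersonation_findings(raw_message: str) -> list:
    """Apply the three header rules and return a list of human-readable findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rpartition("@")[2]
    findings = []

    # Rule 1: display name of a protected person, but not that person's address.
    expected = VIP_DIRECTORY.get(display_name.strip().lower())
    if expected and from_addr != expected:
        findings.append("display-name spoof of %s from %s" % (expected, from_addr))

    # Rule 2: sender domain is one edit away from a domain we trust.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append("lookalike domain %s imitates %s" % (from_domain, imitated))

    # Rule 3: replies would go somewhere other than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.lower().rpartition("@")[2]
    if reply_addr and reply_domain != from_domain:
        findings.append("Reply-To domain %s differs from From domain %s"
                        % (reply_domain, from_domain))
    return findings


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "display_name_spoof": (
        'From: "Jane Doe" <jane.doe.ceo@gmail.com>\r\n'
        "To: finance@example.com\r\n"
        "Subject: Urgent wire\r\n\r\n"
        "Please wire 40,000 to the account below today.\r\n"
    ),
    "lookalike_domain": (
        "From: accounts@acme-suppiies.com\r\n"   # the 'l' in supplies replaced by 'i'
        "To: ap@example.com\r\n"
        "Subject: Updated bank details\r\n\r\n"
        "Our remittance account has changed, see attached.\r\n"
    ),
    "reply_to_mismatch": (
        'From: "Jane Doe" <jane.doe@example.com>\r\n'
        "Reply-To: jane.doe@outlook-mail.net\r\n"
        "To: finance@example.com\r\n"
        "Subject: Quick favour\r\n\r\n"
        "Are you at your desk? Reply here.\r\n"
    ),
    # Genuine partner address with no header anomaly at all: the kind of
    # message (e.g. from a compromised account) that pattern rules do not catch.
    "compromised_partner": (
        "From: accounts@acme-supplies.com\r\n"
        "To: ap@example.com\r\n"
        "Subject: Updated bank details\r\n\r\n"
        "Our remittance account has changed, see attached.\r\n"
    ),
}


def scan_samples() -> dict:
    """Run the rules over every sample; returns {sample name: findings}."""
    return {name: impersonation_findings(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, "->", findings or "no rule fired")
```

The first three samples each trigger exactly one rule; the fourth, which carries the same fraudulent request from a legitimate partner address, triggers none. That gap is what the paragraph above means by rule-based controls being inadequate: the rules look for anomalies in who the message appears to come from, and a message from a real, trusted sender has no such anomaly to find. Note also that a Levenshtein threshold of 1 misses multi-character swaps such as "rn" for "m", so a production rule set needs a homoglyph table as well.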

About Tessian

Tessian is building the world's first Human Layer Security platform to fulfil our mission to keep the world's most sensitive data and systems private and secure. Using stateful machine learning to analyse historical email data, Tessian's Parallax Engine predicts whether, for this user at this point in time, an email looks like a security threat.

Book a demo to learn more about our email security platform.