89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months



89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 MonthsWith the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.

Email remains a direct conduit for threat actors to access organizations and even specific individuals within, providing an opportunity to attack just the right potential victim recipient with the right message and the right trigger to elicit the desired response that spawns a cyberattack. According to Osterman Research’s Phishing, BEC, and Ransomware Threats for Microsoft 365 Users report, the use of email as a malicious vehicle is not only clear and present, but working to the cybercriminals advantage.

  • Less than half of organizations rate their email security as being “effective”
  • 64% of orgs believe their security solutions to be ineffective against attacks impersonating executives
  • 54% believe their security solutions to be ineffective in preventing impersonated emails of any kind from reaching a user’s Inbox

This is not just “gut feeling” or intuition; it’s based on the resultant effectiveness of these solutions to stop attacks. According to the report:

  • 89% of organizations experienced one or more successful email breaches during the last 12 months
  • Ransomware attacks increased by 71% over the same period of time
  • Microsoft 365 credential compromise attacks increased by 49%

According to the report, while 99% of organizations offer some kind of training on email threats at least annually, only 14% of organizations offer training monthly or more frequently. But those organizations that do conduct regular Security Awareness Training see a reduction in the likelihood of employees falling for phishing attacks, with 87% of those organizations seeing a “reasonable” or “significant” impact in the reduction of their email threat surface.


Do you know what's getting through your mail filters?

KnowBe4’s  Mailserver Security Assessment (MSA) helps you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules. With email still the #1 attack vector used by threat actors, you want to see what types of messages may make it through your filters from the outside.

MSA gives you a quick insight at how your mailserver handles test messages that contain a variety of different message types including email with attachments that contain password-protected, macro zipped, and .exe files or have spoofed domains.

msa-screen3Here's how MSA works:

  • 100% non-malicious packages sent
  • Select from 30+ automated email message types to test against
  • Saves you time! No more manual testing of individual email messages using MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mail server is configured correctly, many are not!

Test My Mailserver!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

knowbe4.com/mailserver-security-assessment

Subscribe To Our Blog


Anti-Phishing Guide ebook




Get the latest about social engineering

Subscribe to CyberheistNews