Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

Stu Sjouwerman | Aug 28, 2024

Confident Detecting Spoofed EmailsNew analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.

It’s every cybersecurity professionals’ worry; whether the security controls they’ve put in place will actually stop attacks.

But it’s actually quite easy to calm those fears by simply paying attention to industry data that paint a picture of what tactics and techniques threat actors are using and to ensure the appropriate controls are in place to stop such malicious activity.

According to Kroll’s Q2 2024 Threat Landscape Report, there are some consistent trends that are becoming evident.

Going back three quarters, Kroll demonstrates through data that the following threat incident types (in descending order) are being experienced during cyber attacks: email compromise, ransomware, unauthorized access and web compromise.

body4-white

Source: Kroll

Looking at the chart above, you can see how important having access to email is for threat actors.  And even with the substantial increase in unauthorized access this year it appears that the threat actor “leopard” doesn’t change its spots.

It also makes it very clear that protecting email access with multi-factor authentication, strong passwords, and the use of security awareness training to help prevent successful social engineering attacks intent on stealing credentials are necessary to stop what appears to be an incident trend that isn’t going away anytime soon.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Discover Your Organization’s Exposed Email Attack Surface

Cybercriminals constantly scan the deep web and thousands of breach databases to find exposed employee identities, credentials, and passwords to launch targeted social engineering attacks. Run our free Email Exposure Check Pro (EEC) to safely uncover your at-risk users and see what your organizational structure looks like to an attacker before they exploit it.

Get Your Free Email Exposure Report

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.