Malicious links and misaddressed emails slip past security controls

The majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%), according to Armorblox.

Respondents mentioned multi-channel attacks are gaining momentum and frequency. More than half of respondents reported multi-vector, socially engineered attacks happening weekly (36%) or daily (16%).

Communication and collaboration concerns

The level of concern is high for attacks evading security controls by leveraging siloed communication and collaboration tools (video conferencing, messaging, and shared calendars, project management / whiteboarding applications, file sharing / cloud storage) outside of email (69%).

According to Dave Gruber, Principal Analyst at Enterprise Strategy Group (ESG), “Organizations’ top concerns when it comes to communication and collaboration tools are ransomware, phishing, and malware-based attacks. These threats are not unique to newer collaboration mechanisms and are also common in traditional email communications.

“This raises the question of whether expanding collaboration tools simply increases the potential attack surface for bad actors. As organizations continue to adopt new technologies, they must remain vigilant in their efforts to protect against these threats and ensure the security of their communication channels,” concluded Gruber.

Email identified as most vulnerable channel

As a result of the survey, 38% of respondents believe email is the channel most vulnerable to threat actors. This emphasizes the high level of risk associated with email communication, and the continued vulnerabilities of legacy security tools when it comes to protecting against sophisticated threats.

• 39% of respondents stated spam/malware and 34% of respondents stated phishing/spear phishing/malicious links evaded security controls
• 27% of respondents stated misaddressed emails slipped past native security layers
• 26% of respondents indicated threats that penetrated security controls included wire transfer fraud, payroll fraud, payment fraud, other BEC attacks
• 23% of respondents indicated internal account compromise/takeover was the result of threats bypassing legacy layers
• 23% of respondents indicated threats resulted in unintentional sensitive data leakage

“Today’s threat landscape is already challenging, but with the increasing sophistication of attacks, especially those using AI, it is concerning to see that primary email security solutions continue to fall short in providing the necessary protection,” said DJ Sampath, CEO of Armorblox.

“We know that this lack of protection can have significant consequences, undermining the efficacy, compliance, and reliability of email communication. It’s crucial that organizations take the necessary steps to strengthen their email security measures and ensure that they are able to keep pace with the evolving threat landscape, and the rise of AI-powered attacks,” concluded Sampath.