Email security: State of the art

It cannot be stressed enough that email is the preferred channel for cyber-attacks. This is increasing year after year, despite improvements in the security of personal and professional email, user awareness and the distribution of alerts about phishing and cyber-attacks. For their part, cybercriminals are using increasingly sophisticated malware and techniques, which can therefore be confusing.

Ransomware, phishing and malware are all threats for companies, which must therefore be particularly cautious and make their employees aware of these threats. All the more so as cybercriminals are exploiting the Coronavirus pandemic, using fear to encourage people to click.

To see the situation more clearly, we offer you an overview.

Cybersecurity: The worrying increase in email attacks

By 2020, cyber-attacks had quadrupled compared to previous years (1). Cybercriminals are now better organised, send numerous fraudulent emails and target vulnerabilities in companies' IT networks. Attacks are industrialised and planned. We are far from the image of a person acting alone behind a computer.

Here are some statistics to illustrate the current situation and the vulnerability related to messaging in France:

  • Ransomware accounts for 11% of the total volume of malicious emails (2)
  • 80% of French companies cyber-attacked in 2020 were attacked via phishing emails or spear-phishing (3)
  • In 2020, one in five companies reported having suffered at least one ransomware attack during the year (4)
  • Only one in two companies is confident in its ability to deal with a cyber-attack (4)
  • The health crisis brings new risks: 35% increase in cyber-attacks (4)
  • 57% of companies plan to increase their cybersecurity budget (4)
  • 85% of companies plan to acquire new technical solutions to improve their IT security (4).
  • 75% of emails received are unwanted (5).
  • Reports of cyber-attacks made to the government by professionals increased by 30% compared to 2019 (6)

The development of teleworking, the fear induced by the pandemic, the development of the cloud and the professionalisation of email attacks explain this evolution. There is no sign of a change in trend: the phenomenon is likely to continue for years to come and remain a real concern for organisations.

Cyber-attacks: Significant impact for businesses

It is difficult to estimate the cost of a cyber-attack. The cost is reflected not only in the economic consequences, but also in the impact on the company's reputation, the weakening of the IT infrastructure and operational difficulties.

In 2020, 58% of cyber-attacks had a proven impact on business, with direct disruption to production in 27% of cases (7).

The main consequences of the attacks (8) can be broken down as follows:

  • Data theft (30%)
  • Denial of service (29%)
  • Business interruption due to data encryption by ransomware (24%)
  • Identity theft (23%)

A study by Bessé shows that the risk of a company’s failure increases by 50% in the three months following the announcement of a cyber-attack. This risk can even reach 80%.

Another study by the IBM Ponemon Institute found that 80% of French companies do not have an incident management plan. Another significant finding is that it takes an average of 201 days for a company to discover that it has been the victim of a cyber-attack. The direct consequences can also hit customers if their personal data has been compromised.

A simple click on a link in an email can therefore irremediably weaken the entire company.  This is why it is important to continue to raise awareness among employees, but also to strengthen IT security through various dedicated email protection solutions.

Some examples of cyber-attacks and their impacts:

  • A hospital in New Jersey (USA) paid a ransom of over $600,000 (2020).
  • Verne Harnish, CEO of Gazelles Inc. was robbed of $400,000 from his bank account when hackers gained access to his computer and intercepted emails between him and his assistant (2019).
  • EasyJet announced that it had been the victim of a major cyber-attack: the data of more than 9 million customers (email addresses and travel information), including 2,000 credit card details, was illegally accessed (2020).
  • The University of California at San Francisco (UCSF) was hit by a ransomware attack that paralysed access to data on its computer network. In the end, the University agreed to pay a ransom of approximately one million euros (2020).

(1) Cyber-attacks quadrupled last year, says cybersecurity expert – France TV info

(2) Intervention Devensys – Methods to improve your email security 2018

(3) The most common cyber-attacks against French companies – Statista

(4) 6th edition of the CESIN annual barometer

(5) Messaging: numbers and threats – security dsisionnel

(6) Cybersecurity: more reports in 2020 – vie-publique magazine

(7) 6th edition of the CESIN annual barometer

(8) The most common cyber-attacks against companies, CESIN and OpinionWay

(9) On a panel of SMEs