One in Nine Email Users Encounter Malware…Are You the ‘One’?
You perhaps didn’t know! One in nine email users had encountered email malware during the first half of 2017, as per the findings of a recent research done by security professionals…
Security firm Symantec, in its latest ISTR special report, Email Threats 2017, reveals this and other findings related to email malware. The report, which discusses mainly the threat landscape where hackers spread malicious threats, BEC (Business Email Compromise) scams etc through email, also states that today users encounter threats that come through email twice as often as any other infection vector.
The Symantec report states- ” Email is by far the most popular method for attackers to spread malicious code. At present, a user is almost twice as likely to encounter malicious code through email than being impacted by an exploit kit. They are many more times as likely to encounter a malicious email than see their devices fall prey to a worm or encounter a malicious banner ad. On average, one out of every nine email users has encountered email malware in the first half of 2017.”
The study also finds that BEC scams too are rampant in the present scenario. Around 8000 businesses have reportedly encountered email attacks based on BEC scams per month. (BEC Scams, also known as CEO Frauds, happen when spoofed emails purporting to be from the CEO or CFO of a company, with the exact names included, would trick some senior staff member- someone from the finance department- or a company attorney, a trusted vendor etc into doing some money transaction via wire transfer).
As regards BEC scams in the first half of 2017, the Symantec report says- “With their heavy reliance on social engineering, and their urgent nature, business email compromise BEC scams are one of the more potent email attacks making the rounds. No longer do such attacks appear to be a rarity either, with approximately 8,000 businesses reporting attacks in a given month. On average a
targeted organization has 5.2 BEC emails sent to them each month.”
A notable finding of the study is that spam rate, which has been on a slow and steady decline since 2011, is now once again on the rise. It would continue to increase during the remaining months of the year. The result is that users would be finding, at an average, 11 more spam emails in their inboxes compared to what they used to get last year. The Symantec report says-“Year on year, we’ve watched the spam rate decline. Beginning in 2011, back when the spam rate was 75 percent, the rate has dropped on an annual basis to the point where it appeared to bottom out at 53 percent for both 2015 and 2016.”. It adds- “While the calendar years for 2015 and 2016 average out to be the same, it appears the spam rate may have actually hit rock bottom in the latter half of 2015. Breaking the spam rate into six-month intervals shows that it has been slowly, but steadily, increasing since that point. For the first half of 2017, this rate has reached 54 percent and all signs point to a continuation of this upward trajectory.”
The inference is- “As of the end of the first half of 2017, this upturn translates into an increase of 11 more spam emails in your inbox each month than a year prior.”
The research found that users working in the manufacturing, retail trade, construction and mining industries encountered 1.5 times more spam emails compared to others, in the first half of 2017. Users in the wholesale trade industry would in fact potentially encounter twice as much spam emails as the average user would.
The cost that a business today incurs, by way of managing spam emails, too gets discussed in the report. Spending 10 minutes per employee per data to manage spam would put the cost at around $4.51 per employee each day. This brings the annual cost for any business to around $1,177.42 for one employee. For 100 employees it becomes $117,741.67 per year, which could be seen as the equivalent of having two full-time employees dedicated to simply managing spam, for any business.
Kevin Jones250 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.