Top 7 2020 Email Security Trends You Need to Watch Out For
Email was invented nearly five decades ago (48 actually). But that does not mean it has remained stagnant. On the contrary, it has evolved countless times since 1972 until this day.
We have seen new email providers come into the picture, said goodbye to many along the way, and welcomed new features that made email faster, more convenient, or more secure and anonymous.
Security wasn’t so much an issue in the early days of email, but with the rise of cybersecurity threats, it’s more so today than it ever was.
For example, in its State of Email Security in 2020: More Spam, Malware, Phishing & Ransomware Ahead report, digital security company Fortinet states that:
“Even after an organization’s existing email security solution did its best to filter out malicious or risky traffic, our email analytics found that 1 in 3,000 messages still contained malware, including ransomware.”
That means, Fortinet continues, that for an organization with 100 employees, where each employee receives on average 121 email every day, according to Campaign Monitor, there will be at least 4 malware-infected emails.
With that in mind, it is important to know what is going on in the email security to be able to adequately respond to those threats.
Biggest Secure Business Email Trends in 2020
Here are our top 7 secure business email trends to watch out for in 2020.
- Phishing vs 2FA
Two-factor authentication or 2FA often gets hailed as the long-awaited solution that will secure our login information. At the very least, it seems to work against automated bot hacks.
However, as we have seen time and again with every security solution so far, it was only a matter of time before scammers and hackers found a way to circumvent it.
And they are doing that not through complicated codes and algorithms, but social engineering. More specifically, phishing.
This way, scammers can fool their victims into giving them one-time passcodes from their SMS messages during the 2FA process. This was how hackers were able to bypass Gmail’s 2FA at scale back in 2018, for example.
- More Businesses will be Targeted for Phishing
We will likely see fewer malware attacks in the future, but phishing and other social engineering ploys will happen at a larger scale and will cover more businesses than before.
What’s more, the threat won’t come just from criminal organizations, but more and more from foreign threat actors, including China and Russia, especially in times of elections.
- Vendor Email Compromise will Become the Number One Email Security Threat
According to the Financial Crime Enforcement Network (FinCEN), the average number of reported BEC (Business Email Compromise) in 2018 was 1,100, whereas it was 500 two years prior. (via PYMNTS)
In 2020, VEC, or Vendor Email Compromise, surfaced as the favorite of email hackers and scammers targeting businesses.
How does VEC work?
In this attack, hackers take over enterprise email accounts (by whatever means), but don’t take any action yet. Instead, they lie in wait, monitoring the communications. When they have enough information, they then impersonate the legitimate entities throughout the supply chain.
- BEC Sees New Players
Speaking of Business Email Compromise, 2020 and beyond will see new threat actors come into the scene.
In particular, West African cybercrime groups (Nigeria in particular), will be joined by Russian and East European rings with their own devastating BEC attacks.
- Genetic Research and Healthcare Companies Will be Rich Targets
Cyberthreat actors are always looking for easy targets that are rich in data. If those targets are also relatively easy, that’s a win-win for the bad boys there.
Well, cybercriminals have found such targets in genetic and healthcare companies and will more and more try to get into their databases to get away with the data, including patient family heritage, medical records and more.
- Ransomware Attacks will become More Precise
With many reports of ransomware declining in recent years, you’ll be forgiven for thinking that it soon won’t pose a problem anymore. Overall phishing, for instance, was down 42% in 2019, according to the 2020 SonicWall Cyber Threat Report.
The truth is that ransomware is still pretty much a threat, but attacks are becoming more surgical and have bigger consequences. For instance, the average ransom almost doubled between 2018 and 2020 from $4,300 to $8,100.
- Price of Phishing Kits Increase
Today, you can get a full phishing kit, complete with zip files, PHD, files, HTML, images and more online. The good news is that the price of phishing kits has increased from $122 in average (2018) to $304 (2019).
The bad news is that there are now more sellers and the year-on-year number of phishing kit sellers increased $120% between 2018 and 2019.
Conclusion
All of these trends don’t paint a very nice picture for the future for email security. However, they more than emphasize the ever-growing need for secure business email providers that can protect organizations from hackers, scammers and other cyberthreats.
In many ways, the openness of the email is what’s the problem here. Employing a more secure anonymous email would serve to deter a good portion of these threat actors.
Of course, security begins with the employees or users. If they don’t know for instance how to securely send a document over the Internet, they are only making it that much easier for cybercriminals.
CTemplar is a secure anonymous email provider that brings a plethora of security features to the battle against email threats, including phishing protection mechanisms, 100% audited open-source code, Zero-Knowledge Password Protection and more.