The 2023 edition of the Hornetsecurity Cyber Security Report is out now, featuring an in-depth analysis of the Microsoft 365 threat landscape. Hornetsecurity is a leading Cloud Email Security Provider with over 15 years of experience, and as such, they have amassed a huge user dataset over that time that has enabled them to conduct a detailed examination of email-based threats, which is the basis for this detailed report with a focus on Microsoft 365 security.
Cyber security is a critical issue that affects individuals, businesses, and organizations of all sizes. One of the most common tactics used by criminals to exploit email is phishing campaigns. In this article, we will discuss the Cyber Security Report 2023 and Hornetsecurity’s findings with a focus on phishing. But as an introduction, let’s take a look at the various techniques criminals use to launch successful phishing campaigns and what you can do to protect yourself and your organization from these threats.
Let’s take a look at the basics. Phishing is a form of cyberattack in which criminals use email and other forms of communication to trick individuals into providing sensitive information or clicking on malicious links. These attacks often appear to come from a trusted source, such as a bank, a government agency, or a well-known company.
One of the most common techniques used in phishing campaigns is the use of spoofed email addresses. This is where the attacker creates an email address that looks like it is coming from a legitimate source. For example, they may use an email address that is similar to that of a bank or a government agency. This makes it difficult for individuals to recognize that the email is not legitimate.
Another technique used in phishing campaigns is the use of social engineering. This is where the attacker uses psychological tricks to convince individuals to click on a link or provide personal information. For example, the attacker may use fear tactics, such as claiming that an account has been compromised, to convince individuals to take immediate action.
Criminals also use phishing campaigns to distribute malware. In these types of attacks, the attacker will send an email with a link or attachment that contains malware. Once the individual clicks on the link or opens the attachment, the malware is installed on their device, giving the attacker access to sensitive information.
Hornetsecurity Cyber Security Report 2023
Hornetsecurity compares trends from last year’s report against the most recent data to predict trends for the upcoming year. This is only a short recap; for the best experience, please read the complete report. It is very interesting.
Email security trends – Companies shifted in organizational collaboration to MS Teams and Slack. But email continues to be the primary mechanism of communication for many organizations, with 322 billion emails sent every day. Email is here to stay. Email continues to be one of the primary methods actors use to launch attacks, which makes it very important to improve security.
Spam, Malware, Advanced Threat Metrics – In the past bad actors used .doc/.docx and .xls/.xlsx as primary methods of delivery. This has now shifted to archive files and HTML. The most targeted industry is Automotive, followed by the Retail industry.
Popular Email Attack Methods in 2022 – Phishing remains the primary method of attack; phishing even increased by 14.8%. The increase in phishing can be attributed to the success bad actors are having. There are many other attack techniques mentioned, but again I urge you the read the report as this section contains particularly interesting insights into the shifting threat landscape.
Safety of Data in the Cloud – Cloud technologies have seen a tremendous surge in adoption over the last several years, and that trend continued in 2022. This trend was initially driven by the COVID-19 pandemic, but it was already gaining traction due to the agility and reliability gained by the cloud technologies. More companies are moving on-premises servers to the cloud. New cloud users are unaware of how protection works in the cloud, they don’t know their responsibility regarding data safety.
User-Targeted Threats to M365 – The Human Firewall – Email and communications services are no longer the sole targets of threat actors. End users themselves are increasingly the “weakest link” when it comes to IT security. Two major types of attacks fall under this category: Social Engineering and Brand Impersonation.
To protect yourself and your organization from phishing attacks, it is important to be aware of the techniques used by criminals and to take steps to prevent them. One of the most effective ways to do this is by implementing email filtering and anti-spam solutions. These solutions can help to identify and block phishing emails before they reach your inbox.
Another important step is to educate employees about the dangers of phishing and how to recognize a phishing email. This can be done through regular training sessions and by providing them with examples of phishing emails.
It is also important to be cautious when clicking on links or opening attachments from unknown sources. If you receive an email from a source that you are not familiar with, it is best to delete the email and not click on any links or open any attachments.
Additionally, be aware of the common red flags that indicate a phishing email:
Urgent language (e.g. “Your account will be closed unless you click this link”)
Requests for personal information
Asking to click on a link to update account information
Bad spelling and grammar
Generic greetings like “Dear valued customer”
Another step to take is to use two-factor authentication, which adds an extra layer of security to your accounts. This means that in addition to a password, you will need to provide a code that is sent to your phone or email. This makes it much more difficult for attackers to access your accounts.
It is also important to keep your software and operating systems up-to-date. This will help to ensure that any vulnerabilities in your system are patched and that you have the latest security features.
Phishing is one of the most common techniques used by criminals to exploit email. By being aware of the techniques used by criminals and taking steps to prevent them, you can protect yourself and your organization from these threats. Implementing email filtering and anti-spam solutions, educating employees, being cautious when clicking on links or opening attachments, using two-factor authentication, and keeping your software up to date. But these are only the basic prevention measures. Once you read the report, you will find out how bad actors have improved and become faster and more efficient at breaching company email protection. You can read the report here.