Impersonation attacks carried out by cyber criminals and targeting businesses of all sizes across the world rose by almost 70 percent in 2019 compared to the previous year and resulted in businesses losing valuable customers, data, and money in the process, a new study has revealed.
Mimecast's State of Email Security report for 2019, which gathered responses from 1,025 IT decision makers at organisations across the globe, has identified impersonation attacks carried out by hostile actors and cyber criminals as a major cyber security threat for businesses of all sizes.
Impersonation attacks having a direct impact on organisations' finances
Impersonation attacks have truly become the weapons of choice for cyber criminals as, according to Mimecast, such attacks increased by 67 percent over the previous year and 73 percent of organisations targeted by such attacks suffered financial losses, loss of sensitive data, and loss of customers.
While 40 percent of organisations targeted using impersonation attacks (that involve criminals impersonating C-Suite executives or trusted vendors to lure employees into sharing data, credentials, or transferring money) suffered data loss, 29 percent of those targeted suffered financial losses, and 28 percent of them suffered the loss of customers.
Mimecast's findings are neither surprising nor unique as impersonation attacks have seriously impacted organisations in the past as well. Last year, a survey carried out by Lloyds Bank and Get Safe Online revealed that between 2017 and 2018, the number of reported impersonation fraud cases rose by 58 percent, costing UK-based SMEs an average of £27,000 and impacting nearly half a million of them. Law firms bore the brunt of impersonation fraud scams, suffering 19 percent of all attacks, followed by HR professionals, IT workers and finance companies.
"The rise of impersonation fraud is a very concerning issue for small and medium-sized businesses. We know that falling victim to these types of scams can be serious as the impact extends beyond just the financial implications. This is why we’ve teamed up with Get Safe Online - to help educate business owners and employees on how to recognise these scams and take the right precautions to protect themselves," said Gareth Oakley, managing director of business banking at Lloyds Bank.
94% of organisations suffered phishing attacks
The Mimecast survey also revealed that 94 percent of organisations across the globe were targeted by phishing attacks via email and 55 percent, or over half of all organisations, reported an increase in phishing attacks in 2019 compared to the previous year.
The scale and volume of email-based cyber attacks, such as phishing and impersonation attacks targeting businesses, is such that they are seriously impacting the morale of IT decision makers and impacting their confidence in their security protocols. As many as 61 percent of IT decision makers are sure of the fact that their organisation will suffer a negative business impact from an email-borne attack this year.
Organisations across the globe are also struggling to cope with business-disrupting ransomware attacks that cause immense downtime and loss of productivity. Such attacks rose by 26 percent compared to the previous year and resulted in 49 percent of organisations suffering downtime for two to three days, and 31 percent of organisations experiencing downtime for four to five days.
"Anyone familiar with the cybersecurity threatscape will not be surprised with these findings. Phishing remains one of the most successful methods of gaining access to a network, with organised gangs leveraging multiple phishing websites from a single IP address, and independent non-technical actors taking advantage of the phishing-as-a-service kits available on the dark web," says Corin Imai, senior security advisor at DomainTools.
"Not only is this a threat for businesses but for individuals. The best advice for keeping safe online remains vigilance to any unsolicited email, and double checking the URL of any website you visit before inputting any PII or downloading any attachments," she adds.