Feature Story

Cisco cybersecurity report sounds alarm on rising email threats

56 percent of CISOs report email is their highest security concern.
Jul 25, 2019

Guest post by Shira Rubinoff

Advancing its stellar track-record ofintelligence, security and cyber-threat information sharing, Cisco continues to engage in thought-leadership revolving around the state of global cybersecurity.  In recently launching its Cisco Cybersecurity Report Series, Cisco has brought under a single banner, leading threat researchers and innovators in the security industry to provide a wide variety of research-based and data-driven publications geared towards professionals with varying interests. In its recent Threat Report and CISO Benchmark Study, both included in the 2019 series, Cisco reveals damning evidence on the rise of cyberthreats delivered via email.

First making its malevolent appearance in 1978, spam has been inundating inboxes around the world, employing phishing tactics and malware to wreak havoc on people and businesses. By relying on botnets and bulk email toolkits, today, email is being cited as the #1 vector for the distribution of these threats. Indeed, at least one third of all email that passes through Cisco’s email security appliances are blocked outright and never reach their intended recipients, aka victims, and that is by conservative estimates!  

See also: Cybersecurity sees huge market growth in 2018

Some of the most common and destructive phishing applications rely on the high prevalence of the G-Suite on the Cloud and its email offerings via Gmail.  Microsoft copycats mimic Office 365, and BEC (Business Email Compromise) email fraud masquerades as c-suite superior communications delivering fake instructions to unknowing employees.  In 2018 alone, the latter tactic resulted in $1.3 billion in losses to industry!

The tentacles of organized crime and individual fraudsters are far reaching and are infiltrating a wide variety of areas that are as plentiful as they are crafty. Digital extortionists defraud businesses and individuals alike with dirty scams to coerce users into making payments, oftentimes using Bitcoin. There are Facebook groups that peddle bulk email tools that are intended for fraudulent use, and phishing through promises of intimate meetings, employment opportunities, or the acquisition of expensive or hard to find pharmaceuticals.  The list goes on and on.

See also: Liz Centoni and Matt Watchinski at RSA

With up to 56 percent of CISOs reporting that email is their highest security concern, even ahead of the Cloud and mobile device use, a recent CISO study indicates that the use of email security systems and protocols are in decline.  Further study reveals that one reason for this imbalance may be because of growing reliance on the Cloud, up to 80 percent by Cisco’s reports, which seems to promote a false sense of security.  Businesses inaccurately assume that the Cloud provides robust security at the base level, whereas in fact the Cloud’s basic security provision is only single-tiered.  The Cisco report calls attention to this and recommends a multi-level and pronged approach to cybersecurity both on and off the Cloud that includes, among other tactics: multi-factor authentication, regularly scheduled phishing simulations, the consistent updating of browsers and plug-ins, caution with log-in requests, the verification of authenticity, and the implementation of a dual signature protocol for all financial transactions, especially those made online.

While sounding the alarm on the increasing threats posed by email threats, Cisco’s Cybersecurity Report Series also provides solutions, and covers a variety of other related topics as well.  To read through the complete reports cited and more that will be posted in the coming weeks and months, please check out the entire security report.  This is truly a one-stop information shop for anyone interested in up-to-date information and the state of global cybersecurity. 


This is a Cisco sponsored post. We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of newsroom.cisco.com