Email is an essential part of everyday life. It is often the primary form of communication between employees, meaning company information is constantly shared within it. Because of this, threat actors often look to email when designating attack methods. According to a recent report by Cofense, 90% of data breaches begin with phishing.

The report found that healthcare and finance are the top targeted industries, likely due to the sensitive information those organizations hold. Healthcare data, bank account information and personally identifiable information (PII) are all desirable targets for threat actors looking for large ransomware payouts.

Even with increased security measures, organizations still found their emails subject to cyberattacks. The report found a 104.5% increase in malicious emails bypassing secure email gateways (SEGs) and users received a malicious email every minute. The report found a 67% increase in credential phishing. Credential phishing was the cause of 91% of published active threat reports.

There was a 331% increase in QR code active threat reports in 2023, according to the report. Security leaders should warn employees not to scan any QR codes of unknown sources, especially on company devices. This could include codes at events, parking meters or anything with an unclear destination.

When considering email security, security leaders should encourage employees to utilize two-factor authentication and change their passwords regularly. Leaders should also discourage employees from sending sensitive information over email, especially to someone outside of the organization.

Find out more here.