IT disaster recovery, cloud computing and information security news

New research shows that BEC attacks have grown by 175 percent over two years

Details
Published: Friday, 10 February 2023 10:06

Abnormal Security has released its H1 2023 Email Threat Report, which examines recent developments in the email threat environment and focuses on the growing risk employees pose to an organization’s cyber security.

The latest Abnormal research found that between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28 percent. Additionally, of the malicious emails that were read, an average of 15 percent were replied to. And while less than one percent of recipients engaged with more than one attack, 36 percent of replies were initiated by employees who had previously engaged with an earlier attack.

When it comes to email attacks, the odds are stacked against your workforce — and this new data shows just how much. Threat actors are increasingly taking advantage of social engineering tactics to encourage employees to open malicious emails and fulfill requests like providing login credentials, updating bank account information, and paying fraudulent invoices.

Utilizing internal data aggregated over the prior six months, Abnormal’s H1 2023 Email Threat Report also explored the steady rise of business email compromise and the continued popularity of supply chain compromise as an attack strategy. Over the past two halves, BEC attack volume grew by more than 81 percent, and over the past two years, it increased by 175 percent.

Additional findings from the report include:

  • Only 2.1 percent of known attacks are reported to the security team by employees, and 84 percent of employee reports to phishing mailboxes are either safe emails or graymail.
  • Employees in entry-level sales roles with titles like Sales Associate and Sales Specialist read and reply to text-based BEC attacks 78 percent of the time.
  • Between the first and second half of 2022, BEC attacks targeting small and medium sized organizations grew by 147 percent.
  • Nearly two-thirds of large enterprises experienced a supply chain compromise attack in the second half of 2022.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

The Hunt for Hidden Risks
The Business Continuity Business Case

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.