2022 has been a rollercoaster ride for those in the cybersecurity industry with major email-based attacks dismantling business operations and jeopardizing reputations. 

Cybercrime is a lucrative and continuously evolving business that impacts companies of all sizes as sophisticated threat actors continue to exploit email vulnerabilities for financial gain. This year alone, email-driven cyber-attacks have skyrocketed. Email is the entry point for most ransomware attacks, which have spiked a nearly 13% increase equal to the last five years combined. With such a drastic increase, companies continue to fall victim to cyber-attackers by failing to implement proper email security. 

Let’s dive into the biggest email-driven cyberattacks of 2022 and the lessons they offer to enterprises. 

Reflecting on three of the biggest email-driven cyberattacks of 2022

  1. In March, Horizon Actuarial disclosed a data breach that affected over 1 million customers of the group’s healthcare and benefit plans. Through a ransomware attack, cybercriminals stole personally identifiable information (PII) including names, dates of birth, Social Security numbers and health plan information, from over 33 organizations. Following its notice, a lawsuit pointed to Horizon Actuarial's alleged lack of preparedness as well as the significant time it took to inform individuals affected by it. 

  1. In April 2022, Baptist Medical Center experienced a cybersecurity incident that affected approximately 1.2 million patients. An investigation revealed that an unauthorized party had infected the hospital network with malicious code, removing data including Social Security numbers, health insurance information, medical record numbers, dates of service, provider and facility names, addresses, birth dates, reasons for visit, procedure information, account or claim status, and billing and diagnostic codes. A lawsuit alleged that the breach resulted from negligence to implement proper technical safeguards to prevent security incidents. 

  1. In June, Flagstar Bank, one of the largest financial service providers in the United States, reported a data breach that compromised the Social Security numbers of 1.5 million customers. The attack was the second incident in just two years, and it took Flagstar over six months to detect the breach. 

What we can learn from these breaches 

The healthcare and financial services industries continue to be top targets of cyber-criminals and this trend will undoubtedly continue throughout the remainder of the year. Breaches can lead to bad publicity, damaging a company’s reputation and resulting in expensive lawsuits, as is evidenced by the Horizon Actuarial data breach. 

The Flagstar Bank data breach showcases that being a victim of a breach does not prevent subsequent breaches, despite what many companies might think. Almost all companies who fall victim to ransomware attacks attempt to minimize these attacks before having to come clean.  

The last thing to note is that many smaller businesses are just as appealing a target as large enterprises, especially when they don’t have the resources to protect themselves. Investing in email security is crucial for businesses of all sizes, locations, and industries. 

Predictions for the remainder of 2022 

With increasing numbers of ransomware attacks and instability across the world, economic, political and climate uncertainty will manifest as themes in email attacks. The United States 2022 midterm elections will surely be a major opportunity for threat actors, whether it be targeting campaigns, voters, or parties. Data from the FBI shows Business Email Compromise now costs organizations $43 billion per year – by far the costliest and most dangerous cybercrime for businesses. 

As more legitimate domains are protected by DMARC, abuse and impersonation attacks from lookalike domains will continue to increase. As a result, the attack surface is expanding faster than prevention security and the demand for increased digital brand protection will grow. We’ll likely see more discussion about the “attack surface "as part of digital brand protection going forward. 

According to research, cyberattacks have increased 50% year-over-year, with each organization facing approximately 925 cyberattacks per week globally. With such a drastic increase and looming danger, companies that fail to implement proper email security protocols will continue to fall victim to cyber attackers. Although there is no right way to cope with a cyberattack, companies can take action by incorporating the necessary security measures to avoid the threat in the first place.

Strengthen your organization against cyberattacks with the Red Sift platform 

At Red Sift, we enable security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers. Our integrated email security and brand protection platform is made up of a number of gold-standard and award-winning products: OnDMARC, OnDOMAIN, and OnINBOX. These are designed to work in unison to block outbound phishing attacks, analyze the security of inbound emails, and provide domain impersonation defense for company-wide threat protection.

Red Sift find out more