• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Cybersecurity / Lessons from the biggest email-driven cyberattacks of 2022

Lessons from the biggest email-driven cyberattacks of 2022

by Brian Westnedge
August 23, 2022August 23, 2022Filed under:
  • Cybersecurity

2022 has been a rollercoaster ride for those in the cybersecurity industry with major email-based attacks dismantling business operations and jeopardizing reputations. 

Cybercrime is a lucrative and continuously evolving business that impacts companies of all sizes as sophisticated threat actors continue to exploit email vulnerabilities for financial gain. This year alone, email-driven cyber-attacks have skyrocketed. Email is the entry point for most ransomware attacks, which have spiked a nearly 13% increase equal to the last five years combined. With such a drastic increase, companies continue to fall victim to cyber-attackers by failing to implement proper email security. 

Let’s dive into the biggest email-driven cyberattacks of 2022 and the lessons they offer to enterprises. 

Reflecting on three of the biggest email-driven cyberattacks of 2022

  1. In March, Horizon Actuarial disclosed a data breach that affected over 1 million customers of the group’s healthcare and benefit plans. Through a ransomware attack, cybercriminals stole personally identifiable information (PII) including names, dates of birth, Social Security numbers and health plan information, from over 33 organizations. Following its notice, a lawsuit pointed to Horizon Actuarial’s alleged lack of preparedness as well as the significant time it took to inform individuals affected by it. 

  1. In April 2022, Baptist Medical Center experienced a cybersecurity incident that affected approximately 1.2 million patients. An investigation revealed that an unauthorized party had infected the hospital network with malicious code, removing data including Social Security numbers, health insurance information, medical record numbers, dates of service, provider and facility names, addresses, birth dates, reasons for visit, procedure information, account or claim status, and billing and diagnostic codes. A lawsuit alleged that the breach resulted from negligence to implement proper technical safeguards to prevent security incidents. 

  1. In June, Flagstar Bank, one of the largest financial service providers in the United States, reported a data breach that compromised the Social Security numbers of 1.5 million customers. The attack was the second incident in just two years, and it took Flagstar over six months to detect the breach. 

What we can learn from these breaches 

The healthcare and financial services industries continue to be top targets of cyber-criminals and this trend will undoubtedly continue throughout the remainder of the year. Breaches can lead to bad publicity, damaging a company’s reputation and resulting in expensive lawsuits, as is evidenced by the Horizon Actuarial data breach. 

The Flagstar Bank data breach showcases that being a victim of a breach does not prevent subsequent breaches, despite what many companies might think. Almost all companies who fall victim to ransomware attacks attempt to minimize these attacks before having to come clean.  

The last thing to note is that many smaller businesses are just as appealing a target as large enterprises, especially when they don’t have the resources to protect themselves. Investing in email security is crucial for businesses of all sizes, locations, and industries. 

Predictions for the remainder of 2022 

With increasing numbers of ransomware attacks and instability across the world, economic, political and climate uncertainty will manifest as themes in email attacks. The United States 2022 midterm elections will surely be a major opportunity for threat actors, whether it be targeting campaigns, voters, or parties. Data from the FBI shows Business Email Compromise now costs organizations $43 billion per year – by far the costliest and most dangerous cybercrime for businesses. 

As more legitimate domains are protected by DMARC, abuse and impersonation attacks from lookalike domains will continue to increase. As a result, the attack surface is expanding faster than prevention security and the demand for increased digital brand protection will grow. We’ll likely see more discussion about the “attack surface “as part of digital brand protection going forward. 

According to research, cyberattacks have increased 50% year-over-year, with each organization facing approximately 925 cyberattacks per week globally. With such a drastic increase and looming danger, companies that fail to implement proper email security protocols will continue to fall victim to cyber attackers. Although there is no right way to cope with a cyberattack, companies can take action by incorporating the necessary security measures to avoid the threat in the first place.

Strengthen your organization against cyberattacks with the Red Sift platform 

At Red Sift, we enable security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers. Our integrated email security and brand protection platform is made up of a number of gold-standard and award-winning products: OnDMARC, OnDOMAIN, and OnINBOX. These are designed to work in unison to block outbound phishing attacks, analyze the security of inbound emails, and provide domain impersonation defense for company-wide threat protection.

Red Sift find out more

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • 2022
  • corporate
  • Cybersecurity
  • DMARC
  • Email
  • email security
  • Phishing
  • Security

Post navigation

Previous Post 3 ways the Digital Operational Resilience Act relates to email and domain security
Next Post Active vs. Passive Monitoring: what’s the difference & why it matters

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Milan Pro on Genesis Framework · WordPress · Log in