Going Beyond Built-in Security: Email Threats in 2020

Explore the need for going beyond built-in Microsoft 365 and Google Workspace security based on email threats detected in 2020. 

March 31, 2021

As troves of workers moved to work-from-home (WFH) set ups, more emails were sent than ever—306.4 billion of them per day to be precise. Trend Micro™ Cloud App Security discovered 16.7 million high-risk email threats in addition to those detected by built-in Microsoft 365 and Google Workspace security. This annual report discusses why you need to go beyond native security to properly protect your organization.

With an influx of remote workers due to the pandemic, gaps in cloud security were exploited. Cybercriminals not only leveraged blind spots in email services’ built-in security, but they also took advantage of the fear surrounding the pandemic—in the first five months of 2020, 92% of all cyberthreats were spam or phishing emails.

Unfortunately, built-in security for popular email services, like Microsoft 365 and Google Workspace, is simply not enough to stop malicious emails from infiltrating enterprises. In 2020 alone, Cloud App Security detected and blocked more than 16.7 million high-risk email threats in addition to those discovered by email services’ built-in security—a notable 32% increase from the previous year. Illustrating this clearly, in a single organization with 10,000 Microsoft 365 users, Cloud App Security discovered over 755,000 high-risk email threats missed by the built-in security. That’s 75 high-risk emails per user that slipped through Microsoft’s native scanning.

Malware and phishing threats are on the rise.  

While remote workers traded business casual for sweats, credential phishing attacks increased in sophistication and increased by 14%.

Email services like Microsoft 365 were routinely targeted; Cloud App Security service detected and blocked more than 314,000 credential phishing attacks from one organization with 10,000 Microsoft 365 users.

BEC: Less doesn’t mean better.

Although business email compromise (BEC) attempts declined by 18%, they still proved to be costly for enterprises. A report from the Anti-Phishing Working Group (APWG) noted that losses associated with BEC continued to rise, from US$54,000 to US$80,183 across 2020. Notable BEC victims include Puerto Rico’s government, which cost them $4.2 million over two months.

Complex attacks = complex solution? Think again.

Cybersecurity leaders should use a multilayered security solution that supplements the built-in security features in email platforms like Microsoft 365 and Google Workspace. SaasS-based solutions like Cloud App Security are easy to setup, and use sophisticated techniques like machine learning (ML) and extended detection and response (XDR) capabilities to better protect your enterprise from threats.

Learn more about the facts and figures of email threats for 2020 as well as mitigation strategies in our annual report.