Thu, Apr 13

Cybersecurity Insiders See Risk from Hybrid Working

As utilities move through the digital transformation, there will be many benefits, but unfortunately, also downsides: increasing threats, particularly via email and hybrid working.

One particular threat is Business Email Compromise (BEC), sometimes called graymail. This is where a malicious actor either gets into or spoofs a legitimate business email system and can then send out phishing emails that appear genuine, making them a greater threat than ones that are obviously from an illegitimate source.

In its second annual report, email security company Armorblox noted an increase in nearly all forms of email attack last year, based on data from four billion emails and 800K thwarted threats.

The report found:

  • A 70% increase in phishing attacks in 2022, compared to 63% the previous year
  • Small and medium-sized businesses (SMBs) are particularly exposed to vendor fraud or supply chain email compromise.
  • 53% of vendor compromise incursions targeted technology organizations.
  • Sensitive user data, such as user login credentials, was implicated in 52% of hacks.
  • 77% of BEC threats use language and social engineering.
  • 58% of attacks targeted SMBs.
  • 20% of BEC attacks involved graymail or unwanted offers.
  • Legacy security filters were the vector for 56% of incursions.
  • Financial fraud attacks increased by 72% last year.
  • The report predicted that creative AI tools like ChatGPT will also mean an increase in BEC.

CISOs are now concerned that hybrid work opens companies up to increased threats from insecure browsing and devices. Users working on their own smartphones or tablets often have less secure systems than those the company offers, which makes those devices a particular vulnerability for threat vectors. Utilities' internal security and their cybersecurity partners need to take proactive steps to ensure that all devices used by company employees have the full complement of security features and that all of the workforce is properly trained in security awareness.