Malicious email threats bypassing all secure email gateways (SEGs) on the market increased over 100% in the past year.  

How do we know? Because we stop thousands of phishing threats bypassing our customers’ SEGs every day. 

The email threat landscape is constantly evolving which makes it difficult to stay ahead and combat the attacks targeting your organization. Threat actors are also getting more sophisticated and outsmarting standard email security solutions, using new delivery methods such as QR code phishing, SMS text (smishing), and voicemail (vishing) to target their victims and steal sensitive data, resulting in catastrophic losses. 

To help you gain insights into the latest trends and tactics, Cofense recently released our 2024 Annual State of Email Security report. The insights shared are based on our proprietary intelligence, including data we receive from our network of 35+ million Cofense-trained employees reporting suspected threats from across the globe.  

Let’s take a look at the numbers. 

• Our analysts detected a malicious email bypassing our customers’ SEGs every minute of every day. 
• Malicious cyber-attacks targeting businesses increased 310% since 2022, with that number projected to continue increasing. 
• Credential phishing was the threat of choice in 2023, with a 67% increase in volume compared to 2022. 
• Last year, credential phishing was responsible for 91% of active threat reports published. 
• QR code active threat reports increased 331% in 2023 and our analysts believe these threats are just getting started. 
• A 1,092% increase in Google AMP emails bypassed SEGs in the last six months of 2023 compared to the first six months. 
• Healthcare and finance remain the top targeted industries with increases in malicious emails bypassing SEGs at 84.5% and 118%, respectively. 

SEGs are good at filtering many of the threats targeting your organization, but they still miss 30-50% and it only takes one malicious email bypassing your SEG to compromise your sensitive data, financial information, and reputation. With email being the #1 vector for cyberattacks and 90% of data breaches starting with a phish, it’s imperative for organizations to invest in a comprehensive email security solution.

So, what can you do to protect your business from the email threats making it past your SEG? 

Train your employees. Your people are your #1 line of defense and they are being targeted by threat actors every day. In response to this vulnerability, Cofense pioneered the security awareness training (SAT) industry over a decade ago. Our solution, Cofense PhishMe, uses real-life simulations, relevant educational content and engaging interactive eLearning modules to train your employees to identify and report suspected malicious emails that bypass legacy email security controls. 

Employ Phishing Detection & Response. Cofense’s phishing detection & response (PDR) solution combines the power of our global network of more than 35 million Cofense-trained employees with the insights from our expert analysts in our staffed Phishing Defense Center (PDC) to prevent attacks from harming your business. The PDC processes thousands of reported malicious emails which made it past our customers’ SEGs. These emails are fed into our PDR platform and if deemed malicious, are quickly quarantined from our customer’s email environment. But that’s not all. That same email is also automatically removed from all our other customer’s email systems as well. 

Only Cofense can provide these valuable security solutions.

Want to learn more about how our SAT and PDR solutions can protect your organization from a costly breach? Contact us here.