While mostly all communication applications have seen revolutionary changes, email has remained mostly unchanged for over 3 decades, making users accustomed and complacent to receiving dangerous attachments or links on a daily basis.
Because of this, email has become one of the preferred platforms for attackers to distribute malware or execute phishing attacks, in numbers:
- 92,4% of malware is delivered through email
- 96% of all phishing is delivered through email
- 62% of phishing simulation campaigns are still able to capture user credentials, despite employee training being in place
- a 64% quarter over quarter increase of malicious domain registrations used to launch phishing campaigns
(source Cisco : https://www.cisco.com/c/dam/en/us/products/collateral/security/email-security/email-threat-report.pdf )
Because email is such a vulnerable gateway directly to your users, and customers, it is imperative that a strong security stance is adopted and modern security upgrades like DKIM, DMARC and SPF are applied and maintained on top of solid antispam and antivirus scanning.