Eighty-two percent of email servers allow unauthorized messages to be sent under the company's own domain, according to a KnowBe4 report.
For the report, the security awareness training platform KnowBe4 analyzed more than 10,000 email servers, 82 percent of which it deduced were misconfigured. This incorrect setup leaves room for a cyberattacker to send emails under a company's own domain and impersonate an administrator, executive or another employee. These emails might ask the recipient to update their email account credentials, leaving them vulnerable to phishing and ransomware attempts.
Phishing emails are the main way ransomware is disseminated, according to the report. The three phishing subject lines that employees were most likely to click included: "Email Account Updates," "Re: Your Vacation Request" and "Internet Capacity Warning."