Your Gmail isn’t stopping as many attacks as you think

Your Gmail isn’t stopping as many attacks as you think

03 Mar 2022

Share

Does your organisation use Gmail and the larger Google Workspace? If you're a small business or tech company, you probably do. In fact, a whopping 92% of startups use Gmail; 60% of mid-sized businesses use it as well. More than 5 million businesses use Gmail.

Despite that, a lot of the security conversation is centred around Microsoft. That's certainly valid, but it's time we start talking about Gmail. That’s because Gmail remains an incredibly popular email service for businesses of all sizes. Plus, attackers are not only targeting email, but the entire Google Workspace, including popular apps like Docs and Slides. Without full-suite security, your Google Workspace is at risk.

This came to a head a few weeks ago, when Avanan, acquired by Check Point Software, published an attack brief about the Google Docs comment exploit. The attack occurs when a threat actor adds a comment to a Google Doc (or any part of the Google Workspace). The target is mentioned with an @. By doing so, an email is automatically sent to that person’s inbox.

In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators. We know, based on our research, which Google is about the middle of the road when it comes to preventing phishing emails from reaching the inbox:

Despite it faring better than other solutions, that's still plenty of attacks. Using our Threat Miss Calculator, consider a 500-seat organisation, where the average user sees about 20 emails a day. This are the results:

That's nearly three missed attacks per user, per month.

Or take an organisation with 6,500 employees:

You can see the issue. If you’re concerned about your Google Workspace security, listen to our webinar: https://www.avanan.com/cp/webinars/gmail-attacks

We'll go over some attacks that Gmail missed--which run the gamut from credential harvesting to ransomware--discuss how the entire G-Suite is weaponised, and how to stop the attacks that Gmail and others miss.

Sign up to receive our newsletters and magazine free - click here.

Technology to drive governance and service delivery Technology to drive governance and service delivery

The CSIR and DCoG are set to collaborate in strengthening governance and service delivery to deliver services efficiently and effectively.

Yesterday

Human risk management platform expands visibility into insider threats

Building on the success of its tech partnership Mimecast will add Code42 solution suite into its platform to enhance insider threat detection 

25 Jul 2024

Cellphone giant to invest over R500 million in expanding Eastern Cape connectivity

In the 2023-2024 financial year, Vodacom invested more than R500 million in the Eastern Cape and will spend another R500 million in 2024-2025

24 Jul 2024

New tools for superior investigation and robust infrastructure security

Improved investigation, protection and infrastructure management capabilities are part of the recent updates on Cybereason’s security platform

24 Jul 2024

CHIETA welcomes minister’s commitment to tackling the skills shortage

This financial year at least 31 884 prospective students will benefit from the R3.8 billion comprehensive student funding model

24 Jul 2024

New scheme combines spear tactics in mass phishing campaigns

Between March and May 2024, Kaspersky detected a significant increase in hybrid phishing emails using elements of spear phishing in bulk campaigns

24 Jul 2024

From complexity to simplicity: Seamless and secure self-custody of digital assets

Investing in digital assets is becoming mainstream with a growing base of retail investors eager to diversify their investments

24 Jul 2024

'Never release on Friday’

CrowdStrike released a tiny driver on an ordinary Friday morning and caused a massive outage all over the world

21 Jul 2024

Samsung and Tshimologong celebrate ICT internship programme fourth cohort graduation

The programme focuses on technical skills with emphasis on real-world project experience and professional mentorship

21 Jul 2024

UCaaS, the next evolution of cloud PBX

Soon you can expect UCaaS to become synonymous with business communication in South Africa

21 Jul 2024

Breaking News: Microsoft’s IT Windows update causes chaos

In what may appear like the plot of film “Leave the World behind” is becoming reality, most of the planet woke on Friday to a global IT meltdown.

19 Jul 2024

Diversified computing centres enabling a green and smart Africa

Sponsored

As the course of human innovation accelerates towards a smart world, data centres are becoming key infrastructure

19 Jul 2024

MagazineClick to view

EngineerIT August 2024 Issue

View PDF

EngineerIT July 2024 Issue

View PDF

EngineerIT June 2024

View PDF

Podcasts / Panels

ARMCOIL WEBINAR OCTOBER 2023
01 Nov 2023
Efficiency and Reliability: Exploring Surface & Underground MV Substations with ArmCoil on 26 October 2023.
19 Oct 2023
The importance of Metrology in manufacturing PANEL DISCUSSION
26 Aug 2023
Is it the end of the road for on-premise data centres?
24 Jul 2023
Is facial recognition secure enough to replace fingerprints?
12 Jun 2023
More