<img src="https://ws.zoominfo.com/pixel/JV60JGR5LG4sEWlH3Xte" width="1" height="1" style="display: none;">

In 2021, the cybersecurity landscape witnessed an alarming rise in ransomware attacks, occurring at a staggering rate of every 11 seconds. This uptick is not just in frequency; the financial stakes have skyrocketed as well, with average ransom demands soaring from $5,000 in 2018 to an astonishing $200,000 today. High-profile cases have seen demands exceeding the $10 million threshold, highlighting the escalating threat level. Amidst this surge, BEC attacks (Business Email Compromise) have emerged as a particularly insidious threat, exploiting the very fabric of organizational communication to siphon off millions.

Despite the growing awareness and increasing spotlight on these cyber threats, including phishing, BEC attacks, and account takeovers, the response from the cybersecurity industry appears to be lagging. The expectation to bolster security controls and enhance detection policies to thwart such attacks remains a challenge. SecureSky’s Global Threat Intelligence Center's analysis from 2020 to 2021 reveals a concerning trend: infiltrating an organization’s email system remains troublingly straightforward.

Screenshot 2021-08-25 082254-png-1











Assessing the Cybersecurity Posture: A Closer Look at BEC Attacks Vulnerability

In the evolving battle against cyber threats, SecureSky's analysis from 2020 to 2021 reveals a concerning landscape, particularly in the context of BEC attacks and ransomware. Despite a notable improvement in the adoption of security measures among our clients—with the average security score nearly doubling within a year—the findings underscore a stark reality: only about half of the potential security controls and detection policies are being utilized. This gap in defense mechanisms significantly enhances the risk of ransomware, BEC attacks, and other forms of cyber aggression.

Diving deeper into industry-specific data uncovers additional insights. Both the Financial and Healthcare sectors have demonstrated commendable progress in bolstering their cybersecurity postures. However, even these industries, considered frontrunners in adopting security measures, have not fully capitalized on the available protections, with their security implementations peaking at around the 60% mark. This leaves a substantial portion of their defenses either unexploited or improperly configured, thereby not providing the comprehensive protection needed.

The situation appears even more dire within the legal sector, which, on average, has activated less than 20% of the available security controls. Alarmingly, this sector showed no signs of improvement in enhancing its cybersecurity measures from 2020 to 2021. Such a lack of advancement not only exposes the legal sector to heightened risk but also highlights a broader issue across industries: a significant underutilization of available cybersecurity resources and technologies.

This analysis points to a critical need for organizations across all sectors to reassess and significantly enhance their cybersecurity strategies. By fully leveraging the security controls and detection policies at their disposal, businesses can better shield themselves against the ever-present threat of BEC attacks, ransomware, and other malicious endeavors that continue to evolve and escalate in sophistication.

2021 Security Score Industry Averages









The good news is protective controls really can be dramatically improved and quickly if adequate attention is paid to the process. Below are year-over-year scores of three actual SecureSky clients, all of which came to SecureSky in 2020 with significant risk and have made a considerable positive impact in one year, without additional licensing spend.

2020-2021 Year-Over-Year SecureSky Client Security Scores











Enhancing Security Through SaaS Security Posture Management

The deployment of SecureSky’s SaaS Security Posture Management (SSPM) tool, the Active Protection Platform, marked a significant turning point for three representative clients in their battle against cybersecurity threats, including BEC attacks. This advanced platform facilitates continuous assessment, validation, and enforcement of security standards and detection policies, effectively hardening the security posture of business communication platforms and reducing overall cloud risk.

By adopting SecureSky’s methodology of continuous improvement in protective controls, these clients have not only enhanced their defenses against ransomware and BEC attacks but also significantly mitigated their exposure to evolving cloud attack techniques. SecureSky’s Research and Threat Intelligence teams remain at the forefront of combating cybersecurity risks, focusing on innovative strategies to protect both SaaS and IaaS cloud environments.

For more insights into securing cloud environments and mitigating cybersecurity risks, visit our blog at SecureSky Blog.


Thank you for reading the SecureSky Dynamic Cloud Security Blog. 

For more information about SecureSky, or assistance in protecting your Microsoft Teams and cloud SaaS and IaaS environments, please contact us at:


+1 833.473.2759  (+1 833.4SecSky)