Check Point Software: Does your organization use Gmail and Google Workspace more widely? If you are a small business or technology company you probably do.
In fact, 92% of start-ups, 60% of mid-sized businesses and more than 5 million businesses they use Gmail.
However, most of the security talk is centered around Microsoft. That's perfectly fine, but it's time to also talk about Gmail, which remains an incredibly popular email service. post officefor businesses of all sizes. Additionally, when it comes to Gmail, attackers aren't just targeting email, but Google Workspace as a whole, including popular apps like Docs and Slides. Without full suite security, Google Workspace is at risk.
The issue arose a few weeks ago when Avanan, which was acquired recently από την Check Point Software, δημοσίευσε μια αναφορά attacks about the exploiting their comments Google Docs.
An attack occurs when a threat agent adds a comment to a Google Document (or anywhere in the Google Workspace). The target is indicated by an @. This automatically sends an email to this person's inbox.
This email, which is from Google, includes the full comment, including bad links and text. Additionally, the email address is not displayed, only the name of the attacker, making it ready for imitators.
We know, based on our research, that Google is about halfway there in preventing phishing emails from reaching inbox:
Although it works better than other solutions, the percentages we find using Check Point Threat Miss Calculator they still show a lot attacks. For example, in a 500-seat organization where the average user sees about 20 emails per day, the results are:
The numbers show almost three lost attacks per user, per month.
Ή in an organization with 6.500 employees:
You can definitely see the problem.
If you are interested in the security of Google Workspace, you can watch the webibar: https://www.avanan.com/cp/webinars/gmail-attacks, in which we will look at some of the attacks that Gmail has lost - which include both the theft of credentials and ransomware.