Does your organization use Gmail and the larger Google Workspace? If you’re a small business or tech company, you probably do. In fact, a whopping 92% of startups use Gmail; 60% of mid-sized businesses use it as well. More than 5 million businesses use Gmail.
Despite that, a lot of the security conversation is centered around Microsoft. That’s certainly valid, but it’s time we start talking about Gmail. That’s because Gmail remains an incredibly popular email service for businesses of all sizes. Plus, attackers are not only targeting email, but the entire Google Workspace, including popular apps like Docs and Slides. Without full-suite security, your Google Workspace is at risk.
This came to a head a few weeks ago, when Avanan, acquired by Check Point Software, published an attack brief about the Google Docs comment exploit. The attack occurs when a threat actor adds a comment to a Google Doc (or any part of the Google Workspace). The target is mentioned with an @. By doing so, an email is automatically sent to that person’s inbox.
In that email, which comes from Google, the full comment, including the bad links and text, is included. Further, the email address isn’t shown, just the attackers’ name, making this ripe for impersonators.
We know, based on our research, which Google is about the middle of the road when it comes to preventing phishing emails from reaching the inbox. Despite it faring better than other solutions, that’s still plenty of attacks. Check Point says that its Threat Miss Calculator, estimates that for 500-seat organization, where the average user sees about 20 emails a day, an organization can witness nearly three missed attacks per user, per month. For an organization that has 6,500 employees, the estimated missed attacks per user per month is around 24, 570.