
Opinion: Weighing up the email security threat in EMEA

12 Jun 2018

Article by Barracuda international SVP Chris Ross

Despite numerous attempts to dethrone it over the past few years, email continues to be the de facto standard for business communications. In research published last year, The Radicati Group estimated that more than 281bn email messages would be sent every day in 2018.

Email certainly isn’t going anywhere in a hurry. Which is music to the ears of cyber attackers.

Email was built for a different time, one in which cyber threats were few and far between. It should come as no surprise that email is the number one threat vector facing organisations today, with new email-borne attacks grabbing the headlines on a regular basis. Terms like ransomware, social engineering, phishing and trojans have gained widespread recognition.

We wanted to find out more about the impact of the email security challenge facing IT security practitioners but also the threat posed by the crucial human factor. So we conducted a short survey, generating around 630 global responses, of which 145 came from EMEA organisations.

More attacks + higher costs = greater risk

It was no surprise to hear that email security threats show no sign of slowing down. Four out of five organisations (80%) faced an attack during the past year, whilst nearly three quarters of EMEA respondents (73%) felt that the frequency is increasing. This paints an even more worrying picture when combined with the fact that the vast majority of respondents (72%) felt that the cost of email-related breaches was increasing, with nearly a fifth claiming costs have escalated dramatically.

When asked about ransomware specifically, 30% of respondents said that their organisation had fallen victim, with nearly three quarters saying that these attacks had originated via email. Yet 81% claimed not to have paid the ransom, a tactic recommended by law enforcers and experts. How, then, is the cost of email breaches on the rise?

The answer comes in more indirect costs such as distraction of IT teams from other priorities, cited by 65%, and disruption of employee productivity, an issue for 52%. Lost staff productivity and business interruption will certainly hit the bottom line, alongside the identification, remediation and clean-up of threats and other consequences of cyber attacks. Add to this the reputation and remediation costs of information being stolen, something identified by 44%, and you can see where costs of increasing attacks are mounting up.

It’s no surprise then that 70% of IT professionals told us they were more concerned about email security now than they were five years ago.

The size of the insider threat

One of the reasons that email threats are so effective is that they allow attackers to directly target employees. One wrong click could be enough to let the bad guys in, making employee behaviour hugely important in the fight against email threats. Respondents recognised this, with 79% claiming that poor employee behaviour was a greater concern than inadequate tools. There was most concern about individual staff members falling victim (47%) though executives (37%) were also viewed as a potentially dangerous weak link in the security chain. Departments with access to sensitive information were seen as most at risk, with finance (26%) and sales (18%) departments singled out.

When it comes to minimising the human risk, the vast majority (89%) of IT security experts believe that end-user training and awareness programmes are important, with over a third (35%) claiming they’re critically so. However, a sizeable number (35%) still don’t train their employees on how to spot phishing and spear-phishing. Given that Verizon claims that phishing was responsible for 93% of all breaches it analysed last year, this is quite concerning.

Combining technology and training

With in-house training skills increasingly hard to come by and IT teams having their time taken up by multiple priorities, it’s heartening to see that 30% of EMEA respondents have sought the help of a third-party training provider.

A combination of the right training with the right technology will help businesses to increase their preparedness for email attacks. Respondents claimed social engineering detection (66%) and phishing simulations (61%) were the most beneficial to the organisation. Yet there was also some hope that evolving technologies such as artificial intelligence or machine learning could be a good fit for email security alongside threat detection (60%).

The one thing that all of these technologies have in common is their ability to protect individual employees. According to these findings, that’s going to be absolutely critical in the future to ensure that our continuing obsession with email doesn’t become a fatal attraction.
