Story image

Report: 80% of organisations faced email-borne attacks last year

26 Apr 2019

Email is an absolutely critical part of everyday life for businesses and consumers alike.

Underlining that statement is research published this year from the Radicati Group, which forecasts there to be 281 billion emails sent every day in 2018.

Consequently, our sheer reliance on email and it’s relatively ‘easy way in’ has made it a much-targeted avenue by cybercriminals to effectively gain the keys to the kingdom.

Barracuda Networks international sales senior vice president Chris Ross says the problem of email is that it was born in a different generation where cyber threats were few and far between.

According to Ross, email is now the number one threat vector facing organisations today, with new email-borne attacks painting the headlines seemingly on a daily basis.

To gain a better idea of the email security hurdles facing IT security staff, Barracuda Networks conducted a survey of around 630 global organisations, of which 145 came from EMEA.

“It was no surprise to hear that email security threats show no sign of slowing down. Four out of five organisations (80%) faced an attack during the past year, whilst nearly three quarters of EMEA respondents (73%) felt that the frequency is increasing,” says Ross.

“This paints an even more worrying picture when combined with the fact that the vast majority of respondents (72%) felt that the cost of email related breaches was increasing, with nearly a fifth claiming costs have escalated dramatically.”

Ransomware has been one of the more prominent attack methods – or at least the most publicised – in recent times. 30 percent of respondents had fallen victim to a ransomware attack, with almost three quarters revealing the attacks had originated from email.

Despite this, more than 80 percent claimed to refuse paying the ransom (as law enforcement and security experts recommend), which begs the question, how is the cost of email breaches on the rise?

“The answer comes in more indirect costs such as distraction of IT teams from other priorities, cited by 65%, and disruption of employee productivity, an issue for 52%,” says Ross.

“Add to this the reputation and remediation costs of information being stolen, something identified by 44%, and you can see where costs of increasing attacks are mounting up. It’s no surprise then that 70% of IT professionals told us they were more concerned about email security now than they were five years ago.”

According to Ross, the problem with email – and the reason why it is used as an attack avenue so often – is that it allows cybercriminals to directly target employees, with one wrong click enough to let them in.

“Respondents recognised this, with 79% claiming that poor employee behaviour was a greater concern than inadequate tools. There was most concern about individual staff members falling victim (47%) though executives (37%) were also viewed as a potentially dangerous weak link in the security chain,” says Ross.

“When it comes to minimising the human risk the vast majority (89%) of IT security experts believe that end-user training and awareness programmes are important, with over a third (35%) claiming they’re critically so.”

Despite this, 35 percent still don’t train their employees how to spot phishing campaigns, which Ross points out is a very concerning number given Verizon claimed phishing was responsible for 93 percent all breaches it analysed in 2017.

It’s not all bad news though, as Ross asserts with in-house training skills becoming increasingly hard to come by and IT teams being stretched thin with multiple priorities, 30 percent of EMEA respondents have sought the help of a third-party training provider, which is a step in the right direction.

Moving forward, Ross says it will be about combining the right training with the right technology to ensure businesses optimise their preparedness for email attacks.

“Respondents claimed social engineering detection (66%) and phishing simulations (61%) were the most beneficial to the organisation. Yet there was also some hope that evolving technologies such as artificial intelligence or machine learning could be a good fit for email security alongside threat detection (60%),” says Ross.

“The one thing that all of these technologies have in common is their ability to protect individual employees. According to these findings that’s going to be absolutely critical in the future to ensure that our continuing obsession with email doesn’t become a fatal attraction.”

Click here to find out more about protecting your network from email threats.

Story image
08 Nov
Enterprises look to zero trust network access to thwart VPN attacks
“Though it is encouraging to see so many organisations are pursuing ZTNA to close gaps created by VPNs, I am surprised that more than half of those surveyed believe their current infrastructure is reliable enough to protect the enterprise."More
Story image
28 Nov
IDC names Trend Micro number one vendor for SDC security
The new independent report: Worldwide Software Defined Compute Workload Security Market Shares, 2018 revealed Trend Micro achieved a market share lead of 35.5%, almost triple its nearest competitor in 2018.More
Story image
03 Dec
Fortune 500 firms weigh in on equipment failure risk
Fortune 500 companies are increasingly concerned about the risks of critical equipment failure and cyber attacks on industrial control systems.More
Story image
14 Nov
Lack of PCI DSS compliance putting payment security at risk
Organisations across Asia Pacific are demonstrating stronger payments security compliance compared to other parts of the world, however global trends indicate that payments security compliance has dropped for the second year in a row.More
Story image
05 Nov
Proofpoint acquires insider threat management firm ObserveIT
Proofpoint will hand over US$225 million as part of a new arrangement to acquire insider threat management platform ObserveIT.More
Story image
Acronis makes strategic acquisition to strengthen security portfolio
Acronis will integrate 5nine’s technology into the Acronis Cyber Platform, making new services available through the Acronis Cyber Cloud Solutions portal.More