SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Report: 80% of organisations faced email-borne attacks last year
Fri, 26th Apr 2019

Email is an absolutely critical part of everyday life for businesses and consumers alike.

Underlining that statement is research published this year from the Radicati Group, which forecasts there to be 281 billion emails sent every day in 2018.

Consequently, our sheer reliance on email, and the relatively ‘easy way in' it offers, has made it a much-targeted avenue for cybercriminals seeking to effectively gain the keys to the kingdom.

Barracuda Networks international sales senior vice president Chris Ross says the problem with email is that it was born in a different generation, when cyber threats were few and far between.

According to Ross, email is now the number one threat vector facing organisations today, with new email-borne attacks making headlines seemingly on a daily basis.

To gain a better idea of the email security hurdles facing IT security staff, Barracuda Networks conducted a survey of around 630 global organisations, of which 145 came from EMEA.

“It was no surprise to hear that email security threats show no sign of slowing down. Four out of five organisations (80%) faced an attack during the past year, whilst nearly three quarters of EMEA respondents (73%) felt that the frequency is increasing,” says Ross.

“This paints an even more worrying picture when combined with the fact that the vast majority of respondents (72%) felt that the cost of email related breaches was increasing, with nearly a fifth claiming costs have escalated dramatically.”

Ransomware has been one of the more prominent attack methods – or at least the most publicised – in recent times. 30 percent of respondents had fallen victim to a ransomware attack, with almost three quarters revealing the attacks had originated from email.

Despite this, more than 80 percent said they refused to pay the ransom (as law enforcement and security experts recommend), which raises the question: how is the cost of email breaches on the rise?

“The answer comes in more indirect costs such as distraction of IT teams from other priorities, cited by 65%, and disruption of employee productivity, an issue for 52%,” says Ross.

“Add to this the reputation and remediation costs of information being stolen, something identified by 44%, and you can see where costs of increasing attacks are mounting up. It's no surprise then that 70% of IT professionals told us they were more concerned about email security now than they were five years ago.”

According to Ross, the problem with email – and the reason why it is used as an attack avenue so often – is that it allows cybercriminals to directly target employees, with one wrong click enough to let them in.

“Respondents recognised this, with 79% claiming that poor employee behaviour was a greater concern than inadequate tools. There was most concern about individual staff members falling victim (47%) though executives (37%) were also viewed as a potentially dangerous weak link in the security chain,” says Ross.

“When it comes to minimising the human risk the vast majority (89%) of IT security experts believe that end-user training and awareness programmes are important, with over a third (35%) claiming they're critically so.”

Despite this, 35 percent still don't train their employees to spot phishing campaigns, which Ross points out is a very concerning number given Verizon claimed phishing was responsible for 93 percent of all breaches it analysed in 2017.

It's not all bad news though. Ross notes that, with in-house training skills becoming increasingly hard to come by and IT teams being stretched thin with multiple priorities, 30 percent of EMEA respondents have sought the help of a third-party training provider, which is a step in the right direction.

Moving forward, Ross says it will be about combining the right training with the right technology to ensure businesses optimise their preparedness for email attacks.

“Respondents claimed social engineering detection (66%) and phishing simulations (61%) were the most beneficial to the organisation. Yet there was also some hope that evolving technologies such as artificial intelligence or machine learning could be a good fit for email security alongside threat detection (60%),” says Ross.

“The one thing that all of these technologies have in common is their ability to protect individual employees. According to these findings that's going to be absolutely critical in the future to ensure that our continuing obsession with email doesn't become a fatal attraction.”