Email is still the biggest security risk around today

Email warning
(Image credit: Shutterstock)

New research from Mimecast has revealed that 60 percent of organizations expect to suffer an email-borne attack in the coming year, highlighting the fact email continues to be the most popular attack vector among cybercriminals.

To compile its fourth-annual State of Email Security 2020 report, the email and data security company surveyed 1,025 global IT decision makers on the current state of cybersecurity. The report also contains Mimecast's analysis from the first 100 days of the coronavirus outbreak to show how cybercriminals have leveraged the public health crisis for their own gain.

Of those surveyed, 77 percent of respondents said that they have or are currently rolling out a cyber resilience strategy at their organizations. Despite this though, more than half (60%) believe they will experience an email-borne attack in the coming year. 

The IT decision makers that participated in Mimecast's survey cite data loss (31%), a decrease in productivity (31%) and business downtime (29%) as a result of a lack of cyber resilience preparedness at their organizations.

Email-based threats

With more employees working from home than ever before as a result of the pandemic, cybercriminals have seized this opportunity to launch attacks on remote workers and their organizations.

According to Mimecast's report, domain-spoofing and email-spoofing have both become mainstream attack vectors. Nearly half (49%) of the organizations surveyed report anticipating an increase in web or email spoofing and brand exploitation in the next 12 months.

At the same time, impersonation attacks, phishing attempts and ransomware continue to be a major problem for businesses. Of those surveyed, 72 percent said phishing attacks remained flat or increased in the last 12 months while 74 percent said the same about impersonation attacks. Ransomware also continues to be a huge problem for organizations as just over half of respondents (51%) said that a ransomware attack had impacted their organization.

Vice president of threat intelligence at Mimecast, Joshua Douglas provided further insight on the report's findings and stressed the need for greater cyber resilience in a press release, saying:

“We’re seeing the same threats that organisations have faced for years playing out with tactics matched to world events to evade detection. The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential. It’s likely that cyber resilience strategies are lacking key elements, or don’t have any at all, depending on the organisation’s maturity in cybersecurity. Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.”

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.