Email is still the most vulnerable communication tool in your business

Concept art representing cybersecurity principles
Nytt DDoS-rekord (Image credit: Shutterstock / ZinetroN)

Despite professional users opting for a wide variety of communication tools and instant messaging platforms, email is still the biggest cybersecurity concern. 

This is according to “Tackling SaaS Communication and Collaboration Security Challenges: Trends and Strategies for Enterprises,” a new report published by IRONSCALES and TechTarget’s Enterprise Strategy Group (ESG).

After surveying nearly 500 IT and cybersecurity professionals from private and public sector organizations throughout the U.S. and Western Europe, the two firms found that 38% of respondents still view email as the most vulnerable communication and collaboration tool in the enterprise environment. 

Persistent gaps

Phishing attacks (34%) and business email compromise (BEC) scams, which often result in wire transfer fraud, payroll fraud, and payment fraud (28%) are the three attacks hackers were most successful in pulling off last year. 

Despite everyone’s investments and other efforts to prioritize email security, “persistent gaps” are notable, the report further claims. The current email security strategies for nearly a quarter (23%) do not have comprehensive security awareness training and assessments, it was found. 

For Audian Paxson, Director of Technical Product Marketing at IRONSCALES, that’s the key problem, as without proper human insight, there will always be vulnerabilities.

"This research is highlighting the reality that there is only so much technology alone can do to protect against advanced phishing and BEC attacks,” Paxson said. “Native tooling can provide some useful table stakes, but stopping advanced phishing attacks requires a more sophisticated set of tooling." 

"Enterprises are recognizing that to thwart emerging threats, especially those leveraging social engineering and AI, they need to complement their AI-powered email security solutions with collaborative human insights." 

Furthermore, a quarter of respondents are constantly wary of inbound email attacks that are successful in bypassing email security solutions.

Indeed, a separate report published in March by Secureworks says BEC attacks doubled between January and December 2022, becoming the most common type of attack, ahead of ransomware.

The company believes this explosive growth in BEC attacks has its roots in successful phishing campaigns, which account for a third (33%) of incidents where an initial access vector (IAV) could be established. A year ago, phishing accounted for merely 13% of incidents (up 3x year-on-year). 

But some companies are taking proactive steps in securing their workforce’s most popular communications tool: more than a third (34%) implemented extra third-party security controls, while almost half (46%) are planning on doing so in the next 12 months.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.