As email-based threats have grown in number as well as severity, new research from the security firm Barracuda has revealed that 94 percent of organizations see email as their top security vulnerability.
To compile its new You've got mail, The rise of email threats (opens in new tab) report, the firm surveyed 280 decision makers in Europe, the Middle East and Africa to find that 87 percent of respondents expect email threats to increase in the coming year with 75 percent reporting a steady increase in email attacks over the last three years.
Of those surveyed, almost half (47%) have been hit by a ransomware attack as a result of an employee opening a suspicious email and 31 percent fell victim to a business email compromise (BEC) attack. However, the majority (75%) of organizations have been hit by a brand impersonation attack.
- One trillion phishing emails sent every year
- Hackers target Office 365 business accounts
- US presidential candidates aren't using basic email security
Barracuda's research found that finance departments are the most targeted by email-borne cyber attacks according to 57 percent of respondents. Though 32 percent said that customer support was their most targeted department which could signal the start of a new trend among would-be attackers.
Lack of security training
The report also highlighted the need for more regular and in-depth security training to help employees better detect email-based threats.
Employees are often confused or unaware of the security protocols at their organizations due to lack of training and 56 percent of those surveyed stated that some of their employees do not follow security policies. Additionally, 40 percent said their employees have been using workarounds to bypass security which could put their organizations further at risk.
To help reduce email traffic and email-based threats, many organizations are considering using instant messaging applications such as Slack or Yammer. However, Barracuda's researchers warn that if this becomes a trend, cybercriminals will likely begin to use these services to launch attacks, saying:
“This approach comes with a warning from us: while we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks. Any organisation going down this route should do so with care, as if we know anything about cyber attackers, it’s that they’re always trying new ways to catch their victims out.”
While switching communication platforms could be a short term fix, in the end only improved security training about the threats that emails can contain will help organizations from falling victim to them.
- Keep your systems protected from the latest cyber threats with the best antivirus
Via Computer Weekly (opens in new tab)