The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an organization to do?
When you think of cyberattacks, the assumption is that it’s a simple matter of “the bad guy sends an email, the user gets fooled, the user clicks malicious content, and the badness happens.” But the State of Email Security 2020 report from Mimecast sheds some light on some of both the how and why attacks are still successful.
According to the report:
- 51% of organizations have been impacted by ransomware in the last 12 months
- 58% saw phishing attacks increase
- 60% have seen an increase in impersonation fraud
- 82% have experienced downtime from an attack
These numbers aren’t good. Way too many organizations are feeling the pain of email-based cyberattack, despite knowing the problem is only getting worse. So, why are organizations proving to be such easy targets for email-based cyberattacks?
According to the report, it’s a problem-riddled combination of issues involving your people, processes and technology. In essence, the lack of sufficient presence of all three plays a role. From the report:
- An average of 41% of organizations don’t have a system in place to monitor for and detect malicious content in emails (Technology)
- 55% of organizations don’t provide security awareness training on a regular basis (Process)
- 60% of organizations have experienced their own employees being responsible for spreading a malicious email (People)
With 60% of organizations believing they will be the victim of an email-borne attack in the coming year, organizations need to be taking steps to protect themselves with a security strategy that addresses all three issues. Putting a layered security strategy in place that detects malicious content before it ever reaches your users is imperative.
But, because no solution is 100% foolproof, it’s equally as important to ensure users are continually educated using security awareness training. By doing so, you will improve the organization’s security posture, and keep users from participating in the spread of malicious emails.