When you realize that email is the means to breach in 96% of the cases, you can’t deny the importance of taking the necessary steps to protect against this security threat; yet studies show that despite this knowledge companies are not allocating enough resources to reduce email risks.When you realize that email is the means to breach in 96% of the cases, you can’t deny the importance of taking the necessary steps to protect against this security threat; yet studies show that despite this knowledge companies are not allocating enough resources to reduce email risks.
A study conducted by the Ponemon Institute reveals a disconnect between concerns about email threats and fraud and the lack of action taken by companies.
- While 80% of organizations are very concerned about their ability to counter email threats, only 29% are taking significant steps to counter the threat.
The study also reveals some of the biggest concerns related to email threats that companies have:
- 82% of organizations fear that hackers could spoof their email domain and hurt the deliverability of legitimate emails.
- 80% of organizations are concerned with the overall state of their current email security.
- 69% of organizations fear they could be hacked or infiltrated via phishing email.
In addition to acknowledging these types of email threats, companies also have concerns about phishing emails directed at employees (74%) and emails as a source of fraud against the company, such as BEC attacks (67%).
You also find that organizations are aware of the dangers of malware infiltrating their network through an email and/or exfiltrating data the same way (66%); and that 65% of organizations consider the threat of hackers impersonating their own company in a phishing attack against other companies and non-employees.
It is clear that the threat of email is acknowledged, the disconnect lies in the investments made and the steps taken by companies to prevent these risks from getting the best of their company.
Only 29% of security pros find their firm is taking significant steps to prevent phishing attacks and email impersonation, while 21% say they are taking no steps at all.
41% of security pros say their organization has created a security infrastructure or plan for email, but out of these, almost half of respondents said there is no schedule for reviewing its effectiveness (39%), or they are unsure of any review schedule (10%). Lastly, only 11% of respondents say their organization reviews the effectiveness of its email security plan quarterly.
In more than 15 years doing cybersecurity, it’s not something new to hear about companies having security plans and not reviewing them or putting them into practice. One of the biggest reasons why security postures with plans in place fail is because they are not reviewed or practiced by the company as a whole consistently.
It’s also no surprise that businesses know about the threats of emails, but that they think they’re doing enough, or that perhaps, they don’t really know what they’re not doing that they should be doing. This is one of the reasons why we’ve integrated into our cybersecurity services something dedicated to phishing emails and preparing employees to not fall victims of phishing or social-engineering tactics.
It’s never a one-stop shop when it comes to taking care of the risks your company faces. Between emails and network security, operational processes, and procedures for unexpected circumstances such as flooding or a major storm, and newborn threats like cryptomining; all of this requires the necessary expertise and steps in place to ensure a company can be proactive against risks and not reactive.
Give us a call to get ahead of your cyberthreats.
A short conversation on what you’re doing will get us to share with you what next steps and options you have to ensure you’re ahead of your threats, email and beyond. Let’s talk!
Photo courtesy of alphaspirit