Which department’s employees do you think are most vulnerable to falling for an email attack, such as phishing?
- Finance 24%
- Sales 17%
- Customer support and service 15%
- Operations 14%
- Marketing 9%
- HR 8%
- IT 6%
- Legal 2%
- Other 6%
It’s not a surprise that finance employees are viewed as the most vulnerable, considering their access to the crown jewels, including bank account information, wire transfer numbers
Why are you most concerned about those employees falling for an email attack?
- They have greater financial access
- They are most likely to be targeted
- They have access to sensitive information and systems
- They are not aware of the potential consequences
- They aren't concerned about
potentialimpact of bad behavior
- They are the most careless
Sales and customer support top the list as the least aware of the potential consequences of making mistakes when receiving a phishing email. This is concerning, as these teams communicate regularly through email, increasing the potential for successful attacks.
What type of email security attack is likely to be the most expensive for your company?
- Stolen information 40%
- Ransomware 33%
- Business Email compromise 27%
There’s no consensus about which type of email security breach would be the most expensive. Information theft is the classic breach example; however, ransomware and business email compromise attacks are still fairly new and have quickly become expensive in their own right, making them appealing to cyber criminals. Criminals apparently prefer direct monetization attacks over traditional theft sales.
Unlike information theft, which requires a buyer, these newer attacks don’t; they cut out the middleman, meaning less work and a faster, better ROI for the criminals.
The threat of ransomware is a concern for 88% of those surveyed. 35% said their organization has already been a victim of ransomware
- Email 75%
- Web traffic 32%
- Network traffic 23%
IT pros indicated that ransomware attacks typically came from more than one source. Attacks can be very hard to diagnose, so this could be due to uncertainty or multi-vector attacks, as some sophisticated ransomware scams involve email, website links
Did your company pay the ransom?
- No 88%
- Yes 12%
While the percentage of companies paying the ransom was small, enterprises were more likely to do so than small and mid-sized businesses. Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying.
It’s not surprising that enterprises were more likely to pay ransom than smaller companies; they are more likely to have the resources to do so. They also likely understand that the soft costs of recovering from an attack, including lost time and productivity, can be much higher than paying the ransom.
Thanks for reading Part 3 in this five part series on Email Security Trends
If you would like more information on protecting your email and data, the DTS InfoTech eBook entitled “Data Backup and Disaster Recovery” can be downloaded free here: download your Free Business Advisory Guide Here.
Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.
If you would like to chat about
Dedicated to your success,
dts|infotech . . . computer networks that work