Email Security Part Three

by Wally Moore

on November 21, 2018

in Email security, Part 3

Email security is the theme of this 5-part series. In this third post, we continue with Barracuda's findings on current global trends in securing email for your business.

Which department’s employees do you think are most vulnerable to falling for an email attack, such as phishing?

  • Finance 24%
  • Sales 17%
  • Customer support and service 15%
  • Operations 14%
  • Marketing 9%
  • HR 8%
  • IT 6%
  • Legal 2%
  • Other 6%

It’s not a surprise that finance employees are viewed as the most vulnerable, considering their access to the crown jewels, including bank account information, wire transfer numbers and other valuable business information. It’s somewhat surprising and interesting, however, that employees of legal departments were so far down the list, as they typically have access to strategic information related to lawsuits, sensitive information that could be used for insider trading, and other highly confidential matters.

Why are you most concerned about those employees falling for an email attack?

  • They have greater financial access
  • They are most likely to be targeted
  • They have access to sensitive information and systems
  • They are not aware of the potential consequences
  • They aren't concerned about potential impact of bad behavior
  • They are the most careless

Sales and customer support top the list as the least aware of the potential consequences of making mistakes when receiving a phishing email. This is concerning, as these teams communicate regularly through email, increasing the potential for successful attacks.

What type of email security attack is likely to be the most expensive for your company?

  • Stolen information 40%
  • Ransomware 33%
  • Business email compromise 27%

There’s no consensus about which type of email security breach would be the most expensive. Information theft is the classic breach example; however, ransomware and business email compromise attacks are still fairly new and have quickly become expensive in their own right, making them appealing to cyber criminals. Criminals apparently prefer attacks that monetize directly over the traditional approach of stealing information and then selling it.

Unlike information theft, which requires a buyer, these newer attacks don’t; they cut out the middleman, meaning less work and a faster, better ROI for the criminals.


The threat of ransomware is a concern for 88% of those surveyed. 35% said their organization has already been a victim of ransomware.

Where did your ransomware attack originate?

  • Email 75%
  • Web traffic 32%
  • Network traffic 23%

IT pros indicated that ransomware attacks typically came from more than one source. Attacks can be very hard to diagnose, so this could be due to uncertainty or to multi-vector attacks, as some sophisticated ransomware scams involve email, website links and malware downloads. Typically, the focus is on resolving the problem as quickly as possible, rather than identifying the source of the attack. Even if an organization has the resources to conduct a root-cause analysis after the fact, there’s no guarantee the source will be conclusively identified, given how complex these attacks are and how they keep evolving.

Did your company pay the ransom?

  • No 88%
  • Yes 12%

While the percentage of companies paying the ransom was small, enterprises were more likely to do so than small and mid-sized businesses. Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying.

It’s not surprising that enterprises were more likely to pay ransom than smaller companies; they are more likely to have the resources to do so. They also likely understand that the soft costs of recovering from an attack, including lost time and productivity, can be much higher than paying the ransom.

Thanks for reading Part 3 in this five-part series on Email Security Trends.

If you would like more information on protecting your email and data, the DTS InfoTech eBook entitled “Data Backup and Disaster Recovery” can be downloaded free here: download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything else, please call us at 503.359.1275.

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work