Email Security Part Two

by Wally Moore

on November 12, 2018

Email security threats are pervasive. 87% of IT security professionals said their company faced an attempted email-based attack in the past year. Three in four are more concerned about email-based security now than they were five years ago.

81% said the frequency of email-borne attacks has increased in the past year: 25% said it increased dramatically and 56% said it increased somewhat. 81% also said the overall cost of an email security breach is increasing: 22% said it is increasing dramatically and 59% said it is increasing somewhat.

Which is a greater email security concern?

  • Poor employee behavior or inadequate tools

Poor employee behavior is the main concern for most, not the tools that organizations have in place to stop threats. This has always been conventional wisdom; the data now backs it up. It’s not surprising humans are the weakest link when it comes to phishing attacks. We’re curious and helpful by nature, which is why social engineering attacks are popular and profitable for cybercriminals.

What has been the impact of attempted email-based security threats?

  • Our IT team has been pulled off other priorities to deal with the threats 67%
  • Employee productivity has been interrupted 61%
  • We have had direct monetary loss associated with the breach (i.e. paying a ransom or unintentionally transferring money) 11%
  • We had a reputational hit because of required customer communications or stories in the news 10%

Attempted email-based attacks have already impacted their businesses with interruptions and monetary loss, according to 88% of the IT pros. Half said they are more concerned about email-based threats than any other types of security threats.

Which employees are you most concerned about falling for an email attack, such as phishing?

  • Individual contributors 46%
  • Executives 39%
  • Team managers 15%

Why are you most concerned about those employees falling for an email attack?

  • They are most likely to be targeted
  • They have access to sensitive information and systems
  • They have greater financial access
  • They are the most careless
  • They are not aware of the potential consequences
  • They aren't concerned about potential impact of bad behavior

There’s no consensus about the type of employee most likely to fall for an attack. Criminals are potentially balancing their attacks and not necessarily targeting any particular type of employee. Email attacks are a numbers game; the more attempts made, the more likely someone will fall for one – and there are a lot more individual contributors available to attack than executives. However, the payoff could be larger when executives fall for a social-engineering attack, due to the availability and quantity of sensitive information they have access to, which explains the increasing popularity of spear phishing and whaling. While frontline staff has less access to sensitive data, they are also less aware of the risks and impacts related to mistakes they can make, perhaps making them easier targets. Criminals are operating their scams like businesses, making risk-versus-reward decisions every day. They are continually experimenting to figure out what works and what doesn’t.

Thanks for reading Part 2 in this five-part series on Email Security Trends.

If you would like more information on protecting your email and data, the DTS InfoTech eBook entitled “Data Backup and Disaster Recovery” can be downloaded free here: download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything, please call us at 503.359.1275.

Dedicated to your success,

Wally Moore
dts|infotech . . . secure computer networks that work