22 percent of businesses hit by phishing attacks in the last quarter

In the past three months 22 percent of businesses have suffered a data breach as a result of an email attack according to a new report.

The study released by email security platform GreatHorn spoke to more than 1,000 professionals to get a better understanding of the current state of enterprise email security.

The results show that 24.4 percent of survey respondents indicate that malicious email messages, including impersonations, wire transfer requests,  payload attacks/malware, business services spoofing, and credential theft attempts, reach their inbox every day, with an additional 25.4 percent that report seeing attacks at least weekly.

When separating the findings into two groups, email security and white-collar professionals, GreatHorn finds a marked contrast in the frequency of malicious email threats reported. About a third (32.8 percent) of email security experts report seeing threats every day, and an additional 27 percent report weekly, for a total of 59.8 percent seeing threats at least weekly. However, nearly half (48.5 percent) of white-collar professionals report seeing only spam in their inboxes, while only 16.4 percent of email security professionals said the same. This suggests people are failing to identify threats and potentially putting their organizations at risk.

"Our latest research shows that employees -- particularly non-technical professionals -- overestimate the efficacy of their workplace's email security strategy," says GreatHorn CEO Kevin O'Brien. "There is an alarming sense of complacency at enterprises at the same time that cybercriminals have increased the volume and sophistication of their email attacks. Businesses must protect themselves at every point of the email lifecycle, including post-delivery, to adequately protect themselves from modern spear phishing and social engineering attempts."

When asked where their protection systems are falling down, 34.2 percent of email professionals report challenges with remediation. 26.6 percent say their current solution doesn’t stop internal threats -- such as if a user account is compromised, 21.2 percent say their solution misses attacks without a payload -- such as impersonations and social engineering. 19.8 percent express concern that their solution negatively impacts business operations -- by for example producing too many false positives, and 18.9 percent report missing payload attacks such as malicious attachments and links.

The full report is available from the GreatHorn website.

Image Credit: Maksim Kabakou / Shutterstock