60 percent of organizations expect to suffer attacks by email
Email is still a favorite attack route for cyber criminals a new study reveals, 77 percent of respondents say they have or are actively rolling out a cyber resilience strategy, yet an astounding 60 percent of respondents believe it is inevitable or likely they will suffer from an email-borne attack in the coming year.
Respondents to the Mimecast survey of more than 1,000 IT decision makers cite other worries as data loss (31 percent), a decrease in employee productivity (31 percent) and business downtime (29 percent) due to a lack of cyber resilience preparedness.
"We're seeing the same threats that organizations have faced for years playing out with tactics matched to world events to evade detection. The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential," says Joshua Douglas, Mimecast's vice president of threat intelligence. "It's likely that cyber resilience strategies are lacking key elements, or don't have any at all, depending on the organization’s maturity in cybersecurity. Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organizations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity."
Nearly half of organizations (49 percent) surveyed report anticipating an increase in web or email spoofing and brand exploitation in the next 12 months, and it is a rising concern. In fact, 84 percent of respondents feel concerned about an email domain, web domain, brand exploitation, or site spoofing attack.
Phishing attacks are still a problem with 72 percent of report participants saying phishing attacks have remained flat or increased in the last 12 months and 74 percent reporting the same of impersonation attacks.
There is an encouraging note in the 97 percent of the respondents whose organizations offer security awareness training at varying frequencies and formats. However, 60 percent of those surveyed report having been hit by malicious activity spread from employee to employee, suggesting that the format or frequency of this training could be a problem.
You can read the full report on the Mimecast site.
Photo Credit: Balefire/Shutterstock