sb-nz logo
Story image

Workplace inboxes still plagued by phishing attacks

31 May 2019

Mimecast’s annual State of Email Security report confirms that social engineering is still plaguing businesses, along with other email threats including ransomware and phishing attacks.

The report found that impersonation attacks, whereby attackers impersonate a colleague, high-ranking executive or partner in order to trick recipients, increased 67% compared to 2018 figures.

That suggests that cybercriminals are increasingly using the tactic to steal data and deliver threats. Of the 1025 global IT decision makers polled for the study, 73% had been impacted by direct losses as a result of impersonation attacks. Those losses included data loss (40%), financial loss (29%), and customer loss (28%).

Email phishing attacks are still as prevalent as ever – almost all (94%) of respondents indicated that they had experienced phishing and spear phishing attacks in the last 12 months. Additionally, 55% saw an increase in phishing attacks during the same period.

The report found that 61% of respondents believe it is likely or inevitable their organisation will suffer a negative business impact from an email-borne attack this year. The report also found that business-disrupting ransomware attacks are up 26% compared to last year.

Forty-nine percent of respondents noted having downtime for two to three days, whereas 31% experienced downtime for four to five days.

According to Mimecast vice president of threat intelligence Josh Douglas, email security systems should be considered the front line defence for most attacks. But data alone doesn’t create value.

“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect, and not just focus on indicators of compromise which would only address past problems.”

“Financial, Manufacturing, Professional Services, Science/Technology as well as Transportation Industries are top targets. Understanding these key pain points helps organisations build a more comprehensive cyber resilience plan.”   

Awareness training should be part of that cyber resilience plan. The report says that human error ranks higher for cyber risks that both software flaws and vulnerabilities. 

What’s more, half of surveyed respondents said their organisations conduct awareness training quarterly or less frequently, despite the fact that awareness training is catching on as an effective security tool.

“The most widely used method (62%) of awareness training happens in a group session. Following group training sessions, other popular methods include interactive videos highlighting best/worst security practices (45%), formal online testing (44%), reference lists of tips (44%) and one-on-one training sessions (44%),” the report says.

“These results reinforce the need for engaging training that is delivered persistently over time and that concentrates heavily on helping employees detect and avoid email-borne attacks.”

Download image
Equinix study: Firms turn to NFV to support distributed networks
Decision-makers looking for a solution that virtualises a wide range of network functions should evaluate NFV, study finds.More
Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More