The State of Email Security Report, from email and data security company Mimecast, found that cyber criminals continue to use email as a primary vehicle to steal data and deliver advanced threats, and the results of this research provide valuable insights and trends around what’s affecting organisations the most and how they can improve their overall security posture.
Social engineering attacks are a rising concern for organisations, Mimecast said, because they’re “often one of the most difficult to control”.
“Most notably, the report found that impersonation attacks increased [by] 67 per cent in comparison to the results in last year’s report — with 73 per cent of those organisations impacted by impersonation attacks having experienced a direct loss, specifically loss of customers (28 per cent), financial loss (29 per cent) and data loss (40 per cent),” it reported.
“Phishing attacks were the most prominent type of cyber attack, with 94 per cent of respondents having experienced phishing and spear phishing attacks in the previous 12 months, and 55 per cent cited seeing an increase in phishing attacks over the same time period.”
Not only are email-based attacks on the rise, Mimecast continued, but they are also “affecting how confident people are in their organisation’s cyber security defenses”, and ultimately, their ability to do their jobs.
“61 per cent believe it is likely or inevitable their organisation will suffer a negative business impact from an email-borne attack this year,” the company espoused.
“Also, business-disrupting ransomware attacks are up [by] 26 per cent in comparison to last year. 49 per cent of respondents noted having downtime for two to three days, whereas 31 per cent experienced downtime for four to five days.”
Mimecast vice-president of threat intelligence Josh Douglas said that email security systems are the frontline defense for most of attacks, but that having and providing data on these attacks is “not what creates value for most respondents”.
“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect, and not just focus on indicators of compromise which would only address past problems,” he said.
“The top five industries being impacted by impersonation attacks [are] financial, manufacturing, professional services, science/technology and transportation industries. Understanding these key pain points helps organisations build a more comprehensive cyber resilience plan.”