Ever since email came into existence in the 1990s and the high level of awareness of the risks involved, 94% of the organizations surveyed said that it was still a major vulnerability.
At the same time, email threats are expected to increase in the coming year, according to 87% of the 280 decision-makers in Europe, the Middle East and Africa polled by security firm Barracuda, with 75% reporting a steady increase in email attacks in the past three years.
Email threats are expected to increase in the coming year, and according to 87% of decision-makers in Europe, Africa and in the Middle East have confirmed that in the last 3-years 75% report a stable email attack.
Most of the users responded said they experienced email attack by ransomware. Some users have stories of their email being compromised, but nearly everybody has a first-hand account of email attack by brand spoofing attacks, also called brandjacking.
According to researchers, nearly 80% of all email attacks analyzed focused on brand identity theft. The highest proportion of brand spoofing is consistent with findings from a recent phishing report.
Nearly half of the respondents surveyed said that finance has been the area most frequently attacked by cyberattacks sent by email. However, another set of users said that customer service has been the most frequently attacked services, which could indicate a new trend for potential attackers,
“Without proper employee training, these attacks will continue to succeed,” the researchers said in a blog post, noting that training was still hugely lacking across most organizations. A very little group reported that they received safety training only once a year, while 7% said they never received training or were unsure.
The researchers said the lack of regular and thorough safety training was confusing staff or informing about safety protocols. More than half of respondents interviewed by the researcher of Barracuda said that some employees did not follow the safety instructions, and 40% said that their employees used “temporary solutions”.
“The right combination of technology and security awareness training is the key to email attack protection” Barracuda researchers
In addition, researchers point out that some companies are taking steps to reduce email threats, even among 62% of companies that expect their security budgets to stay the same. For example, just over one-third (36%) of respondents reported using instant messaging applications such as Slack or Yammer to reduce email traffic. However, researchers warn that this could change in the future, even though they have seen no attack with information platforms like Slack.
“Any organization going down this route should do so with care, as if we know anything about cyber attackers, it’s that they’re always trying new ways to catch their victims out. In the longer term, the right combination of technology and security awareness training is the key to email attack protection,” they said.
While moving from email to communication devices such as Slack can be tempting in the short term, researchers believe that this tactic may not be effective in the long run, as attackers tend to change tactics to respond to this change.