GreatHorn, an incident-response consulting firm, has released its Email Security, Challenges, Trends and Benchmark Report 2019, which reveals that the corporate world and email users in general have not yet learned their lessons about guarding against phishing attacks. GreatHorn said the study aims to increase awareness of email-based threats and of the continued, desperate efforts to contain them. The study is the result of carefully collected responses from a group of 1021 email system administrators and other professionals who use email in their day-to-day jobs across all industries. GreatHorn takes pride in the diversity of the study's respondents: 56.8% of them are email security professionals who administer email service for their organizations. The remaining 43.2% of respondents are people inside the organization who have nothing to do with email security setup, adjustments, and changes.
- Compared to the last report, the need for damage control after handling an email security issue rose to 34%. That is a significant rise from the 20% remediation rate in the previous report.
- Email-based threats increased: of the 1021 people the report covers, 22% admitted that their organization had a reported data breach incident in the past three months.
- 49.8% of the people who participated in the study insisted that their mailboxes contain undesirable content, usually emails containing infected attachments and/or phishing content.
- There is a gap in email threat knowledge between IT professionals/IT enthusiasts and the ordinary Joe, whose view is shaped by watching how their office operates its email system irresponsibly. The only way to harden the email system is to offer training for those white-collar professionals who are not fully trained in IT.
“In short, the current state of email security is shaky. Email security professionals need to be more vigilant as end-users are seeing more threats making their way to inboxes—25% more compared to last year,” explained the GreatHorn report.
This highlights the need for the CISO (Chief Information Security Officer) to have real decision-making powers. As email becomes part of Software-as-a-Service (SaaS), the exact responsibility for email security and privacy falls more on the service provider than on the local IT team. The obligation to counter phishing attacks belongs more to the service provider and less to the company itself. “More than one-quarter of email security professionals report that payload attacks (e.g. malicious/suspicious attachments or links)—despite being the threats most heavily guarded against—are still making it through their cybersecurity defenses,” added the report.
More companies are moving to Google Docs or Office 365 for their email, so the security infrastructure is now owned by a tech giant, Google or Microsoft. Unfortunately, IT professionals still claim they see infections through email. “More than one-quarter of email security professionals report that payload attacks (e.g. malicious/suspicious attachments or links)—despite being the threats most heavily guarded against—are still making it through their cybersecurity defenses. Smaller companies (defined as fewer than 500 employees) seeing a slightly higher rate of most email attack types with the exception of credential theft attempts (39.8% large companies vs. 25.6% smaller companies),” said the report.