Mimecast has come out with two reports that should alarm email security experts.
It found that more than 90% of organizations have been hit with phishing attacks, and that around one-fifth have suffered financial harm.
Second, it determined that, of more than 95 million emails examined, 15% were “bad” or “likely bad.”
“It’s a mixed bag,” says Bob Adams, product-marketing manager at Mimecast. “We find the awareness of executive teams and security teams is growing. But you almost wish you didn’t know at the same time.”
Of the 800 IT decision makers surveyed, 94% said their firms had seen untargeted phishing attacks in the last 12 months. And 92% reported targeted attempts.
In addition, the study found that 52% of companies have seen an increase in untargeted phishing with malicious links, and 51% in targeted spear-phishing with bad links. Roughly 30% apiece say the levels have remained the same.
Of the companies hit by email impersonation attacks, 32% suffered a data loss; 25%, loss of reputation; and 20%, a direct financial hit. In addition, 20% lost customers, and 14% report that employees lost jobs.
The numbers were slightly worse for email impersonation attacks that appeared to be from a trusted vendor: 29% experienced loss of reputation, and 23%, direct financial loss.
Where are companies falling short?
“People are adopting a periodic approach to train users—they have quarterly or annual training,” Adams says. “It’s not as effective.”
Who is to blame?
Nearly half think their firm’s management and finance teams are unable to protect themselves from an attack. And 40% doubt their CEO’s ability to prevent a personal attack. In addition, 37% say their CEO is the weak link in their cyber-security operations, up from 27% in 2017.
Mimecast offers tailored security solutions that allow some users—say, those in finance—to be more restrictive of incoming emails, and others to take a relaxed approach.
Of the companies represented in the study, 23% use DMARC—a 1% drop from last year. But 27% are in the process of rolling out DMARC, and 29% expect to do so in the next 12 months.
However, 40% are completely confident in their GDPR preparedness—a 1% increase over last year. And 48% are somewhat confident.
To deal with the upcoming rollout, 39% have implemented GDPR compliance procedures, up from 29% last year, and 48% plan to do so within the next six months.
In its Email Security Risk Assessment (ESRA) report, Mimecast inspected 95 million emails and found 14,277,163 pieces of spam, 9,992 emails containing dangerous file types, and 849 unknown emails with malware attachments -- all missed by providers and delivered to inboxes.
What does this mean for email marketers?
“Everyone wants to get their message out there, and to know how they can bypass email filters,” Adams says. “There is no true magic bullet to prevent all emails from coming in, or to getting one through.”