• by Ray Schultz , Columnist, December 17, 2018

It’s no secret that companies have been financially damaged by phishing attacks. Here are two other dangers that alarm them: harm to email deliverability and to their brands, according to "Email Impersonation Attacks: The Unseen Brand Threat," a study released last week by Ponemon Institute, sponsored by Valimail. 

Almost two-thirds fear brand damage from email spoofing attacks. But IT departments are more on edge about it than marketing departments.

Ponemon Institute surveyed 400 marketing professionals. The report is a follow-up to its "Email Impersonation Attacks: A Clear And Present Danger."

Of those polled, 78% say their firms have suffered an attack in the last 12 months. This is confirmed with certainty by 45%, with 33% saying they “most likely’ have been attacked. Only 7% said they were not.

In general, 56% worry about getting hacked or infiltrated via a phishing email. In addition, 55% fear email impersonations by hackers. And 52% fret about hackers spoofing the email domain to hurt the deliverability of legitimate emails.

The most feared results of such hacking? Email deliverability right now (64%), the company’s state of email security (61%) and damage to the brand caused by email spoofing (60%).

One of their problems may be that they rate end-user convenience as more important than security. The study shows that 77% of marketers rate convenience of end users as important when deploying email security solutions in the workplace. And 71% of IT people see it that way.

Predictably, IT personnel are worried about security than marketers, despite the threat to brands. Of the IT staffers polled, 82% fear hackers spoofing the email domain to hurt the firm’s email delivery. But only 52% of marketers are troubled.

In addition, 80% of IT people worry about their firm’s state of email security now, versus 61% of the marketers.

Yet marketers seem more aware of breaches, with 45% saying with certainty that they have suffered one in the past 12 months, compared with only 30% of the IT personnel. At the same time, 67% of those in IT say impersonation attacks are the most dangerous email threat, vs. 44% of marketers.

"This survey shows that marketing executives are, on average, far less aware of email threats that could impact their brands than their colleagues in IT and IT security," states Larry Ponemon, the CEO of Ponemon Institute. "However, it's also clear that there are real opportunities for both departments to score gains in deliverability and security by aligning on anti-phishing technologies." 

In another finding, Ponemon reports that 55% are “not confident they now all the vendors and services that are sending email using their companies' domain name in the "from" field of the message. On average, each firm uses 13 cloud-based services to send their emails.

What actions are they taking in the next 12 months to improve email deliverability and prevent brand abuse?

• Anti-spam or anti-phishing filters — 63%
• Secure email gateway (SEG) technology — 55%
• Security information and event management (SIEM) technology —38%
• Anti-phishing training for employees — 30%
• DMARC — 28%
• DKIM — 21%
• SPF — 15%
• Other — 5%
• None of the above — 11%