Firms Have Uneven Email Phishing Protections, Studies Find

Cyber security is lacking at many companies, judging by a pair of new studies.

For example, 83% of all security professionals believe sensitive data has been exposed by employees at their firms, according to a survey by Egress. 

This risk is partly attributable to the amount of unstructured data including emails, documents and files. But it can also be attributed to sloppy company practices.

For instance, 79% of organizations share personally identifiable information (PII) and/or sensitive business data internally without encryption. And 64% share this unencrypted data externally.

The technologies that lead to most data breaches are external emails such as Gmail and Yahoo (51%); corporate email (46%); file-sharing services (40%); collaboration tools such as Slack and Dropbox (38%); and SMS/messaging apps (35%).

The most common employee errors are accidental sharing/wrong email address (the Outlook Auto-Insert problem); email forwarding of sensitive data; sharing attachments with hidden content; and forwarding data to personal email accounts.

Going forward, the respondents rate the following as the biggest threats:

  • Malware and/or ransomware — 48%
  • External attacks from cybercriminals — 45%
  • Accidental data breaches by employees — 40%
  • Phishing and/or spear phishing — 39%
  • Malicious internal breaches — 31%
  • DDoS attacks — 22%

On the positive side, new regulations have prompted companies to:

  • Implement new security policies — 59%
  • Invest in new security technologies — 54%
  • Invest in regular employee training — 52%
  • Restrict the use of external data-sharing tools — 44%

Meanwhile, the 2019 EdgeWave Email Confidence Survey shows that 80% of IT professionals are confident in their current email security gateway’s ability to prevent phishing and other targeted email threats.

But the study says this confidence is misplaced. And of 300 individuals polled, 42% report that their firm recently was the victim of a phishing attack.

The large overlap between firms that were phished and those that believe their email security is adequate is a “baffling disconnect,” the study says.

Moreover, 50% say they are not very confident that employees are reporting every phishing email they receive. Only 7% were very confident of this. Overall, 57% lack faith that employees are properly handling suspicious emails.

Of the C-level executives polled, including CIOs, 46% say their security team has assessed the threat level as “significant” or “major.” And 40% of the directors and administrators agree.

And while almost half of employees will report a phishing email, over 20% will delete it.

 
