Here’s one detail you might not have known about email security: it doesn’t exist.
On the contrary, 61% of all firms fear their businesses will be hurt by email-borne
threats this year, according to "The State Of Email Security Report 2019," a study by Mimecast.
And they’re right to worry. For example:
- 94% of firms suffered
phishing attacks in the last 12 months, and 55% saw increases in phishing.
- 71% had an attack where malicious activity was spread from one employee to others, a 64% increase over the
prior year.
- 67% saw more impersonation and business email compromise attacks, and 73% of the victims suffered a direct loss from such incursions.
That’s not all.
Another 88% saw email-based spoofing of business partners or vendors, and 41% saw an increase in internal threats and data leaks.
This has to erode the trust needed by email
marketers to get their messages opened.
advertisement
advertisement
Overall, business-disrupting ransomware attacks are up 26% over last year. And 49% of those polled suffered downtime for two to three days,
and 31% for four to five days.
“IT decision-makers are losing confidence in their organization’s ability to prevent the worst,” Mimecast states.
The most
affected companies were in the finance, manufacturing, processional services and sci/tech industries, in that order, according to the report. Telecoms, agriculture, forestry and fishing and nonprofits
were, happily for them, at the bottom of that scale.
Worse, this problem is global. The study reports that 62% of businesses in the UAE were hit by ransomware attacks, as were 61% in the U.S.,
60% in Germany, 51% in Australia, 43% in the Netherlands and 39% in the UK.
Here are the harms they endured:
- Data loss — 39%
- Direct financial loss —
29%
- Loss of customers — 28%
- Some employees lost their jobs — 27%
- Loss of reputation — 20%
- Lost their position in our market — 11%
- Don’t know — 2%
- Their organization has suffered no losses due to an email-based impersonation attack in the last 12 months — 20%
The situation could be
improved with better employee training. But it’s not clear that firms have acted on that idea.
Mimecast conducted a phishing simulation at a technology firm with over 6,500
employees.
It found that 12% clicked on the suspicious simulated emails, whereas 76% didn’t. That 12% is frightening, since only one opened phishing email can create
havoc.
And it wasn’t as if they studied the email first. Among the 12% who clicked on the emails, 7% clicked in under one second, 3% clicked at 30 seconds and 2% took
longer.
The main lessons from this report? We quote Mimecast:
- Playing defense only won’t cut it; in 2019 and beyond, you’ve got to be prepared for the
worst.
- Security breeches don’t just slow you down, they have a direct impact on your business.
- If you’re part of a supply chain, you’re a significant
target.
- Awareness training needs serious attention, improvement and investment.
Vanson Bourne, a research firm commissioned by Mimecast, surveyed 1,025 IT decision
makers worldwide.