Phishing is on the rise, ransomware continues to be a threat, and email exploits are more popular than ever. Here are the email security risks and what you can do about them in 2020.
Security provider Mimecast has released its fourth annual report on the state of email security for 2020.
Many of the results in the report indicate an increase in the total volume of email-based attacks in the past year. For example, 58% reported an increase in phishing attempts, and 85% of respondents said the amount of web and email spoofing they face will remain the same or increase in the coming year.
Other notable data points include the fact that 82% of respondents had downtime due to an email-based attack, 77% believed that weak passwords were a particular problem, and 60% of companies were affected by an attack that spread from one user to another.
The report includes email security data. For those looking for action items, Mimecast has provided a list of 10 takeaways that point out particular risks and offer IT security decision-makers some areas to focus on over the coming months.
10 Email Security Measures in Mimecast's 2020 Report
1. Executives are beginning to appreciate the email risk for what it is: constant
60% of respondents said they would be affected by an email-based attack in the coming year. Mimecast said this shows "a thorough understanding of the potential risk of email attacks".
2. Impersonation, phishing and business email compromise (BEC) are increasing rapidly
74% said phishing has increased over the past year, and the global pandemic is making things worse. Mimecast reports that impersonation fraud increased by 30% in the first 100 days after the pandemic ban.
Not surprisingly, the COVID-19 pandemic saw a massive surge in email-based attacks, with many employees working outside of the tightly controlled corporate networks that they typically rely on for security reasons. "An increase in the variety and volume of attacks is inevitable because financially and criminally motivated actors want to receive personal and confidential information," the report said.
3. Ransomware does not go away
The ransomware infection rates in Mimecast's reports from 2018, 2019, and 2020 held steady, with "more than half" of respondents dealing with ransomware in their networks. On average, these attacks resulted in three days of downtime.
4. The necessary training does not take place
According to Mimecast, monthly security training sessions only take place in 21% of companies, and only 17% are refreshed once a year. "If employees are expected to be 'the human firewall' or 'the last line of defense,' as they are often called, companies as such must invest in them," the report said.
5. Email security suffers without training
Mimecast offers email security awareness training. Research shows that users who have not received it are five times more likely to click malicious links. Clicks on these malicious links can be costly, according to the report, since 60% of respondents said that security incidents in their organizations resulted from the spread of malware from one employee to another.
6. Poor email security can damage your brand
Only 28% use Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC prevents spoofing and BEC, and protects customers by validating that emails come from legitimate senders.
7. Ownership of the email security budget is more important than you think
98% of companies have a security budget for spoofing, exploitation and impersonation. However, managing this budget can be confusing. CIOs, CISOs, CFOs, and other C-Suite executives have been found to be responsible for these budgets, and poor allocation is directly related to a delay in response time, the report said.
8. You are right to be concerned about email security
According to Mimecast, an organization will experience an average of nine web or email spoof attacks per year, and many more remain undetected. The increasing use of social media, especially among people who work from home due to COVID-19, offers bad actors more material for planning a BEC attack or a phishing attempt: Attackers are increasingly using "life pattern analysis" to track media websites, such as LinkedIn, to target people within organizations who may have access to executives and financial systems.
9. Cyber resilience strategies are essential, but incomplete
77% of the respondents state that they have a resilience plan or are actively introducing it. Unfortunately, these plans still don't have as much of an impact as they should: 31% still lose data, 31% see a drop in productivity, and 29% experience downtime despite their resilience strategies.
10. Web-based emails are a weak point in failover planning
The report found that Office 365 was the preferred email provider for most SMBs. Only 22% said security was adequate, and 59% had downtime that prevented them from accessing their cloud-based email.
Aside from the provider, the report states that businesses need to weigh whether the benefits of cloud services are worth the loss of control that comes with not hosting your own on-premises email server: resilience decreases, and ultimately you cannot control the security of a cloud provider's server systems.