Organisations facing same threats, using same tactics.
The fourth annual State of Email Security 2020 report from email and data security company Mimecast showed that a large majority (77 per cent) of respondents say they have, or are actively rolling out, a cyber resilience strategy.
However, 60 per cent of respondents believe it is inevitable or likely they will suffer from an email-borne attack in the coming year.
Mimecast spoke with about 1,025 global IT decision makers on the current state of cybersecurity.
The findings in this year’s State of Email Security report demonstrate that despite high levels of confidence in respondents’ cyber resilience strategies, there is a clear need for improvement. Respondents cite data loss (31 per cent), a decrease in employee productivity (31 per cent) and business downtime (29 per cent) due to a lack of cyber resilience preparedness, said Joshua Douglas, vice president of threat intelligence at Mimecast.
“We’re seeing the same threats that organisations have faced for years playing out with tactics matched to world events to evade detection,” he said. “The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential.”
According to Douglas, cyber resilience strategies are lacking key elements, or don’t have any at all, depending on the organisation’s maturity in cybersecurity.
“Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation,” he said. “This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.”
Douglas believes the latest research comes at a time when organisations across the globe have been forced to adopt remote work policies for employees in response to the coronavirus pandemic.
“Threat actors have seized this opportunity and evolved the ways they are targeting their victims. Domain-spoofing and email-spoofing have become mainstream attack vectors, according to the report,” he said.
Mimecast’s report also shows nearly half of organisations (49 per cent) surveyed report anticipating an increase in web or email spoofing and brand exploitation in the next 12 months, and it is a rising concern. In fact, 84 per cent of respondents feel concerned about an email domain, web domain, brand exploitation, or site spoofing attack.
“It is critical for organisations to look beyond their email perimeters to determine how cyber threat actors may be using and damaging their brands online,” said Douglas. “Similar to years past, impersonation attacks, phishing attempts and ransomware continue to be a major problem, according to the research.”
The report shows 72 per cent of participants said phishing attacks remained flat or increased in the last 12 months, and 74 per cent report the same of impersonation attacks.
“This indicates that phishing is potentially becoming more difficult to stop or prevent due to more advanced tactics like spear-phishing,” said Douglas.
“Ransomware also continues to wreak havoc, as just over half of respondents (51 per cent) said ransomware attacks impacted their organisation, citing data loss, downtime, financial loss and loss of reputation or trust among customers.”
The State of Email Security 2020 report also shines a light on the urgent need for a more cyber aware workforce. Encouragingly, 97 per cent of the respondents’ organisations offer security awareness training at varying frequencies and formats.
However, 60 per cent of those surveyed reported having been hit by malicious activity spread from employee to employee, pointing to the fact that the format or frequency of training could be the problem.
“With frequent, consistent, engaging content that humanises security, security awareness training is an effective way to reduce risk inside the network and organisation,” he said.