SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
60% of IT managers think email cyber-attacks are 'inevitable' - report
Fri, 12th Jun 2020
FYI, this story is more than a year old

In a stark reminder of the severity of and prominence of cybercrime in 2020, 60% of global IT decision-makers believe it is either inevitable or likely that they will suffer an email cyber-attack in the next 12 months, according to new research from Mimecast.

The company has released its annual State of Email Security report, which surveyed 1,025 IT managers on their view of the current state of cybersecurity, both within their organisation and without.
While a large majority (77%) of respondents reported either having or actively rolling out a unified cybersecurity strategy, many still believe that even this does not guarantee total protection from a rapidly advancing arsenal wielded by threat actors.

31% of respondents cite data loss as their primary concern if they were to be hit by a breach, with a decrease in employee productivity (31%) and business downtime (29%) also figuring high in terms of concern.

“We're seeing the same threats that organisations have faced for years playing out with tactics matched to world events to evade detection,” says Mimecast vice president of threat intelligence Joshua Douglas.

“The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential.

The COVID-19 pandemic has left its mark on the cybersecurity world, with countless reports of increased threatening activity – especially when it comes to email breaches.

Phishing campaigns have exploded in the last three months, capitalising on the great shift to remote work and the increased vulnerability that comes with it, as well as exploiting the concerns and fear of a worldwide pandemic to lure victims into the trap of malicious software.

According to Mimecast's report, almost half (49%) of respondents reported anticipating an increase in web or email spoofing and brand exploitation in the next year, with a huge 84% particularly concerned about email domain, web domain or site spoofing attacks.

72% claim phishing attacks have either remained the same or increased in the past 12 months, and 74% said the same about impersonation attacks.

Ransomware also continues to wreak havoc, as just over half of respondents (51%) said ransomware attacks impacted their organisation, citing data loss, downtime, financial loss and loss of reputation or trust among customers.

“It's likely that cyber resilience strategies are lacking key elements, or don't have any at all, depending on the organisation's maturity in cybersecurity,” continues Douglas.

“Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation.

“This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.”