sb-au logo
Story image

Workplace inboxes still plagued by phishing attacks

31 May 2019

Mimecast’s annual State of Email Security report confirms that social engineering is still plaguing businesses, along with other email threats including ransomware and phishing attacks.

The report found that impersonation attacks, whereby attackers impersonate a colleague, high-ranking executive or partner in order to trick recipients, increased 67% compared to 2018 figures.

That suggests that cybercriminals are increasingly using the tactic to steal data and deliver threats. Of the 1025 global IT decision makers polled for the study, 73% had been impacted by direct losses as a result of impersonation attacks. Those losses included data loss (40%), financial loss (29%), and customer loss (28%).

Email phishing attacks are still as prevalent as ever – almost all (94%) of respondents indicated that they had experienced phishing and spear phishing attacks in the last 12 months. Additionally, 55% saw an increase in phishing attacks during the same period.

The report found that 61% of respondents believe it is likely or inevitable their organisation will suffer a negative business impact from an email-borne attack this year. The report also found that business-disrupting ransomware attacks are up 26% compared to last year.

Forty-nine percent of respondents noted having downtime for two to three days, whereas 31% experienced downtime for four to five days.

According to Mimecast vice president of threat intelligence Josh Douglas, email security systems should be considered the front line defence for most attacks. But data alone doesn’t create value.

“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect, and not just focus on indicators of compromise which would only address past problems.”

“Financial, Manufacturing, Professional Services, Science/Technology as well as Transportation Industries are top targets. Understanding these key pain points helps organisations build a more comprehensive cyber resilience plan.”   

Awareness training should be part of that cyber resilience plan. The report says that human error ranks higher for cyber risks that both software flaws and vulnerabilities. 

What’s more, half of surveyed respondents said their organisations conduct awareness training quarterly or less frequently, despite the fact that awareness training is catching on as an effective security tool.

“The most widely used method (62%) of awareness training happens in a group session. Following group training sessions, other popular methods include interactive videos highlighting best/worst security practices (45%), formal online testing (44%), reference lists of tips (44%) and one-on-one training sessions (44%),” the report says.

“These results reinforce the need for engaging training that is delivered persistently over time and that concentrates heavily on helping employees detect and avoid email-borne attacks.”

Link image
Proper authentication is the key to security. Now it's free
Usually if a cyber attacker gains access to your credentials, it's game over. Stand a fighting chance at no cost with this cutting edge authentication tool.More
Story image
Endace and Palo Alto Networks launch integration to empower security teams
“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.” More
Story image
11 new orgs join fight against insidious Stalkerware
Founded last year, the Coalition Against Stalkerware brings together cybersecurity vendors, domestic violence organisations, and digital rights advocates.More
Download image
Why shifting workforce demographics requires updated management
Globalisation; a younger workforce; remote working trends - the landscape of the modern workplace has changed forever. And businesses could be in for a shock if they don't manage it properly.More
Story image
New tech startup looks to help lawyers and finance pros
StructureFlow has launched to market, dubbing itself as a tech startup with the mission of helping lawyers and finance professionals visualise complex legal structures and transactions. More
Story image
WatchGuard completes acquisition of Panda Security
Executives say the immediate goal of the now-combined companies is to provide stakeholders access to a newly expanded portfolio of security solutions.More