According to its blog post, many organizations are admitting to being vastly unprepared when it comes to email security, with 94% admitting that “email is still the most vulnerable part of organizations’ security postures.
“Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department,” explained Chris Ross, senior vice-president of international sales at Barracuda. “What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.”
The blog goes onto say that employee training is still not a priority for many, with 29% of respondents only receiving such training once a year. More shockingly, 7% stated they’d either never had training or that they weren’t sure.
“The lack of training is clearly leaving employees either confused or unaware of security protocol, as over half (56%) stated that some employees do not adhere to security policies,” Ross continued. “Of those, 40% said their employees used a ‘workaround’ to do so, perhaps referring to shadow IT solutions and the issues they continue to cause in enterprise IT environments.
“Both of these issues could be solved by regular and in-depth employee security training,” he concluded.
Organizations have also seen cyber-attacks come through emails. In the last year, according to the survey, 47% were attacked by ransomware, 31% were victim to a business email compromise attack, and a huge 75% admitted to having been hit with brand impersonation. Barracuda also found that 83% of all email attacks were focused on brand impersonation in its recent spear phishing report.
However, organizations are starting to take matters into their own hands, with 38% of them increasing their security budgets next year, and over a third (36%) planning to implement instant messaging applications such as Slack or Yammer, to reduce email traffic.
“This approach comes with a warning from us,” said Ross. “While we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks.
“Any organization going down this route should do so with care, as if we know anything about cyber-attackers, it’s that they’re always trying new ways to catch their victims out.”
These findings interestingly come out following the opinion article published in the New York Times, which highlights Slack’s lack of end-to-end encryption, leaving it vulnerable to hackers.
Source: Infosecurity Magazine