Today, two reports highlight that email phishing is a top concern for global businesses. However, a third of employees believe that a lack of support from execs is the biggest challenge to protection – demonstrating a disconnect between the board and IT.
Proofpoint’s 2018 Understanding Email Fraud Survey asked 2250 senior IT decision makers across the US, UK, France, Germany and Australia for their email fraud experiences from the last two years. The results found 75% of organizations had experienced at least one targeted email fraud attack, with 41% suffering multiple attempts in the last two years.
Concerningly, more than 77% of businesses expect they will fall victim to email fraud in the next 12 months, and only 40% have full visibility into email threats.
“Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact,” said Robert Holmes, vice-president of email security products for Proofpoint. “These and other factors make email fraud, also known as business email compromise (BEC), extremely difficult to detect and stop with traditional security tools. Our research underscores that organizations and boardrooms have a duty to equip the entire workforce with the necessary solutions and training to protect everyone against this growing threat.”
Clearswift also identified that UK organizations were concerned about ex-employees retaining access to business networks and human error.
A lax attitude among employees toward sharing passwords was ranked as another source of cyber-weakness, with one-third of UK businesses listing this as one of the biggest threats. USB sticks were the next offender, with 31% of respondents highlighting USB/removable storage devices as a major threat. Failure by firms to cut off network access for ex-employees was next on the list, with more than one in four worried about the impact on the business.
Mike Turner, COO of Capgemini’s cybersecurity global service line, believed organizations are not doing enough to combat email phishing scams and are putting too much focus on changing user behavior.
“For many organizations, their first line of defense is their users, which carries weaknesses,” he said. “We are social beings and it takes quite a lot of effort to change the culture within humans – an example of this is changing the culture and attitude towards wearing a seatbelt – it took years for change.
“Companies are relying on user behavior and that’s not enough – they need to fall back on a multi-layered approach that focuses on the other elements of the defense.”