itb-au logo
Story image

Workplace inboxes still plagued by phishing attacks

31 May 2019

Mimecast’s annual State of Email Security report confirms that social engineering is still plaguing businesses, along with other email threats including ransomware and phishing attacks.

The report found that impersonation attacks, whereby attackers impersonate a colleague, high-ranking executive or partner in order to trick recipients, increased 67% compared to 2018 figures.

That suggests that cybercriminals are increasingly using the tactic to steal data and deliver threats. Of the 1025 global IT decision makers polled for the study, 73% had been impacted by direct losses as a result of impersonation attacks. Those losses included data loss (40%), financial loss (29%), and customer loss (28%).

Email phishing attacks are still as prevalent as ever – almost all (94%) of respondents indicated that they had experienced phishing and spear phishing attacks in the last 12 months. Additionally, 55% saw an increase in phishing attacks during the same period.

The report found that 61% of respondents believe it is likely or inevitable their organisation will suffer a negative business impact from an email-borne attack this year. The report also found that business-disrupting ransomware attacks are up 26% compared to last year.

Forty-nine percent of respondents noted having downtime for two to three days, whereas 31% experienced downtime for four to five days.

According to Mimecast vice president of threat intelligence Josh Douglas, email security systems should be considered the front line defence for most attacks. But data alone doesn’t create value.

“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect, and not just focus on indicators of compromise which would only address past problems.”

“Financial, Manufacturing, Professional Services, Science/Technology as well as Transportation Industries are top targets. Understanding these key pain points helps organisations build a more comprehensive cyber resilience plan.”   

Awareness training should be part of that cyber resilience plan. The report says that human error ranks higher for cyber risks that both software flaws and vulnerabilities. 

What’s more, half of surveyed respondents said their organisations conduct awareness training quarterly or less frequently, despite the fact that awareness training is catching on as an effective security tool.

“The most widely used method (62%) of awareness training happens in a group session. Following group training sessions, other popular methods include interactive videos highlighting best/worst security practices (45%), formal online testing (44%), reference lists of tips (44%) and one-on-one training sessions (44%),” the report says.

“These results reinforce the need for engaging training that is delivered persistently over time and that concentrates heavily on helping employees detect and avoid email-borne attacks.”

Story image
Signet rolls out Zebra industrial wearables across warehouse operations
Zebra Technologies Corporation has released its new industrial wearable technology solutions with Signet, with the intention to improve worker productivity and lower operational costs. More
Story image
RPA is important, but not as important as people
Robotic Process Automation (RPA) and other intelligent automation technologies are increasing in popularity with businesses as they look to leverage competitive advantage during this uncertain time. However, having a people-centric approach continues to be a critical advantage. More
Link image
What makes a good colocation service great?
Networks need to be optimised to reduce costs and improve scale across locations, all while simplifying hybrid-cloud access and managing risk.More
Story image
How to design your own cutting-edge security ID cards
One of the first lines of defence for large enterprises, universities and government organisations is the security ID card. But instances of counterfeit are rising, and a simple photo ID printed on a plain white plastic card has virtually no defence such attacks.More
Story image
Video: 10 Minute IT Jams - Who is Milestone Systems?
In this interview, Techday speaks with Milestone Systems director of Asia Pacific sales Jordan Cullis, who discusses the ins and outs of the company's solutions, its focus on certain product development trends, and the company's infrastructure and resources.More
Link image
The positively disruptive potential of Open Banking
There are five Open Banking building blocks that can empower your business users with agility and self-service data access. Here's how to use them.More