The survey of 280 high-level decision makers revealed in a blog post that 75% of respondents had witnessed a steady increase in email attacks against their own organisation, over the past three years.
Just under half of organisations had been attacked by ransomware (47%), whilst 31% were victim to business email compromise attack. An overwhelming 75% had admitted to being hit with brand impersonation.
Although there is an awareness “many organisations admit to being vastly unprepared when it comes to email security”.
Chris Ross, senior vice-president of international sales at Barracuda explained:
“Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department.
“What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.”
It is clear that employee training is necessary to prevent these attacks from happening, however employee training is not a priority, with 29% of respondents stating to only receiving training just once a year, whilst 7% admitted that they’d either never had training or that they weren’t sure.
The lack of training is leaving employees confused with 56% stating that some employees do not adhere to security policies – out of which 40% said a “workaround” is used by employees to do so..
The survey identified some good news, with 38% of respondents having their security budgets increased next year.
“…we’d hope security awareness training will play a key role in where the funds will be spent – after all, regardless of whether you have the latest technology, your employees are still the last line of defence.”
However it seems that organisations are taking matters into their own hands to reduce the rising email threat – with 36% of respondents implementing instant messaging applications such as Slack or Yammer to reduce email traffic.
“This approach comes with a warning from us: while we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks.
“Any organisation going down this route should do so with care, as if we know anything about cyber attackers, it’s that they’re always trying new ways to catch their victims out.
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.