January 2021 – Tips from Virsage: Prevent Cyberattacks from Phishing Emails
60% of Organizations Are Hit by Cyberattacks Spread by Their Own Employees
The "unwitting participant" appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an org to do?
When you think of cyberattacks, the assumption is that it’s a simple matter of “the bad guy sends an email, the user gets fooled, the user clicks malicious content, and the badness happens.” But the State of Email Security 2020 report from Mimecast sheds some light on some of both the how and why attacks are still successful.
According to the report:
- 51% of organizations have been impacted by ransomware in the last 12 months
- 58% saw phishing attacks increase
- 60% have seen an increase in impersonation fraud
- 82% have experienced downtime from an attack
These numbers aren’t good. Way too many organizations are feeling the pain of email-based cyberattack, despite knowing the problem is only getting worse. So, why are organizations proving to be such easy targets for email-based cyberattacks?
According to the report, it’s a problem-riddled combination of issues involving your people, processes and technology. In essence, the lack of sufficient presence of all three play a role.
From the report:
- 60% of orgs have experienced their own employees being responsible for spreading a malicious email (People)
- 55% of orgs don’t provide security awareness training on a regular basis (Process)
- An average of 41% of orgs don’t have a system in place to monitor for and detect malicious content in emails (Technology)
With 60% of orgs believing they will be the victim of an email-borne attack in the coming year, organizations need to be taking steps to protect themselves with a security strategy that addresses all three issues. Putting a layered security strategy in place that detects malicious content before it ever reaches your users is imperative.
But, because 7-10% of malicious emails make it through your filters, it’s equally as important to ensure users are continually educated using security awareness training. By doing so, you will improve your organization’s security posture, and keep users from participating in the spread of malicious emails.
Don’t have a security awareness training program for your staff? GET ONE! Virsage is here to support you with implementing a security awareness training program to protect your business and data!