On a scale of one to ten, where ten is the maximum effectiveness, most security teams give their email security systems a rating of three or less. According to a recent Ponemon study, 89 percent of firms had experienced at least one successful email breach in the previous year, resulting in substantial expenses. The majority of security teams believe in their email security.
A survey of business customers using Microsoft 365 for email, commissioned by Cyren and conducted by Osterman Research, examined concerns with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly, and preparedness to deal with attacks and incidents.
“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before users trigger dangerous threats,” according to the report released Wednesday.
According to the poll, only around half of the organizations can block email threats. Correspondingly, just over half of organizations consider their current email security solutions effective.
The most popular email security actions are preventing impersonation threats (the least effective), with attempts to detect and block mass-mailed phishing emails close behind. As a result, it’s hardly surprising that almost all organizations polled have been victims of one type of email breach.
According to the research, successful ransomware attacks have risen by 71% in the last three years, Microsoft 365 credential compromise has increased by 49%, and successful phishing assaults have grown by 44%.
Ineffective Defensive Approaches
Looking at where email defense fails to hold up, the report notes that usage of email client plug-ins that let users report suspicious communications has risen. Half of the businesses now utilize an automated email client plug-in for users to report suspicious emails for expert evaluation, up from 37% in a 2019 survey.
User awareness and training on email security are the most common responsibilities of these analysts, administrators, and service providers in organizations. However, 78% of firms notify two or more people. In addition, according to the study, most companies now provide user education on email threats: More than 99% of organizations give at least annual training, with one in seven providing.
According to the survey, training more frequently lowers a variety of warning flags. Among organizations that provide training every 90 days or more often, employees fall for phishing, BEC, or ransomware attacks less often than at organizations that train only once or twice a year. “Training more often reduces a range of threat indicators.”
So far, everything has gone well. So, where did things go wrong? One worrying discovery: Only about a fifth (22 percent) of businesses review all reported messages for maliciousness. “How consumers should evaluate the maliciousness of reported communications on their own when security professionals have not provided a verdict is unknown,” according to the companies.
These types of vulnerabilities and ineffective fortifications, in general, result in significant expenses for businesses.