A survey from email and data security firm Mimecast revealed that nearly 60% of organizations believe that they will likely suffer from an email-borne attack in the coming year. And 77% of respondents stated that they are introducing a cyber resilience strategy, with 31% of respondents citing data loss; 31% of them stated a decrease in employee productivity, and 29% reported business downtime due to lack of cyber resilience preparedness.
According to the report, “State of Email Security 2020 Report,” domain-spoofing and email-spoofing have become mainstream attack vectors, and 49% reported that they are expecting an increase in web or email spoofing and brand exploitation in the next 12 months. While 84% of respondents feel concerned about an email domain, web domain, brand exploitation, or site spoofing attack.
Old Threats Continue to be a Major Concern
The study also stated that impersonation attacks, phishing attempts, and ransomware continue to be major security concerns, and 72% of respondents reported phishing attacks remained flat or increased in the last 12 months; 74% reported the same about impersonation attacks. “Ransomware also continues to wreak havoc, as just over half of respondents (51%) said ransomware attacks impacted their organization, citing data loss, downtime, financial loss and loss of reputation or trust among customers,” the report said.
Need for Strong Security Awareness
The report highlighted that there is a strong need for a more cyber aware workforce, with 97% of organizations stating that they offer security awareness training to their employees. However, 60% of them reported they have been hit by malicious activity spread from employee to employee.
Joshua Douglas, Vice President of threat intelligence at Mimecast, said, “We are seeing the same threats that organizations have faced for years playing out with tactics matched to world events to evade detection. The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential. It is likely that cyber resilience strategies are lacking key elements, or do not have any at all, depending on the organization’s maturity in cybersecurity.
“Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organizations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity,” Douglas added.
The survey report is based on the views of 1,025 global IT decision makers on the present state of cybersecurity.