Egress, a provider of human layer data security solutions, stated that several organizations suffered data breach incidents due to outbound email errors in the last year. In its research report, “2020 Outbound Email Data Breach,” Egress revealed that 93% of security leaders admitted that their organization had suffered data breaches via outbound emails, approximately every 12 working hours. 94% of respondents reported an increase in email data breaches since the COVID-19 outbreak, and 70% stated that remote working conditions increased the risk.
Employee: the Root Cause
According to the report, the tiredness and stress in employees were the primary reasons for email data breaches, while remote working was cited as the second common reason. When asked about the impact of data breaches, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27%, and legal action was brought against them in 28%. At an organizational-level, 33% said it had caused financial damage and led to an investigation by a data regulatory body.
Lack of Email Security Tools
The research also highlighted that 16% of respondents had no technology in place to protect data shared by outbound email. 44% said they have message level encryption and 45% said they have password protection for sensitive documents; however, employees had not used the technology provided to prevent the breach in one-third of the most serious breaches suffered.
Key Findings
- Organizations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours.
- The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%).
- 62% rely on people-led reporting to identify outbound email data breaches.
- 94% of surveyed organizations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26% and 75%.
- 70% believe remote working raises the risk of sensitive data being put at risk from outbound email data breaches.
The findings are based on the responses of 538 senior managers responsible for IT security in the U.K. and the U.S. across vertical sectors including financial services, health care, banking, and legal.
Egress CEO Tony Pepper said, “Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organizations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behavior patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”
Pepper added, “This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spot errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”
