The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an org to do?
When you think of cyberattacks, the assumption is that it’s a simple matter of “the bad guy sends an email, the user gets fooled, the user clicks malicious content, and the badness happens.” But the State of Email Security 2020 report from Mimecast sheds some light on some of both the how and why attacks are still successful.
According to the report:
- 51% of organizations have been impacted by ransomware in the last 12 months
- 58% saw phishing attacks increase
- 60% have seen an increase in impersonation fraud
- 82% have experienced downtime from an attack
These numbers aren’t good. Way too many organizations are feeling the pain of email-based cyberattack, despite knowing the problem is only getting worse. So, why are organizations proving to be such easy targets for email-based cyberattacks?
According to the report, it’s a problem-riddled combination of issues involving your people, processes and technology. In essence, the lack of sufficient presence of all three play a role. From the report:
- An average of 41% of orgs don’t have a system in place to monitor for and detect malicious content in emails (Technology)
- 55% of orgs don’t provide security awareness training on a regular basis (Process)
- 60% of orgs have experienced their own employees being responsible for spreading a malicious email (People)
With 60% of orgs believing they will be the victim of an email-borne attack in the coming year, organizations need to be taking steps to protect themselves with a security strategy that addresses all three issues. Putting a layered security strategy in place that detects malicious content before it ever reaches your users is imperative. But, because no solution is 100% foolproof, it’s equally as important to ensure users are continually educated using Security Awareness Training. By doing so, you will improve the organization’s security posture, and keep users from participating in the spread of malicious emails.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
