Overcoming common email security misconceptions

Overcoming common email security misconceptions

As workforces adapt to the new work from home model, it has never been more important for organisations to invest in their email security. Brian Pinnock, Cybersecurity Expert, Mimecast, discusses the stark findings behind the company’s research that reveal just how important it is to ensure email security is up to scratch.

The past 18 months have radically transformed the way we work. Recent Mimecast research found that the COVID-19 pandemic forced 75% of UK organisations to accelerate their Digital Transformation plans. While this provided many benefits, including better efficiency and productivity, the rush to transform and the move to remote working also left companies exposed to increased risks.

One of the biggest risks is poor email security.

Remote working leads to more risk

Human error is at the heart of most successful cyberattacks and cybercriminals usually rely on an employee to make a mistake. Our research shows that after working from home for several months, British employees have developed some lax cybersecurity habits. The research shows that 63% are using their personal devices to access the corporate network and almost half (49%) are opening attachments from unknown sources. In addition to this, employees are clicking on three times as many malicious emails as they had before the pandemic.

These lax practices result in more cybersecurity incidents across businesses, with three in four IT leaders witnessing cybersecurity issues once a month or more – more worryingly, 20% of them admit occurrences happen more than once a day. Email remains the first source of cybersecurity issues: 42% of IT leaders acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email. As hackers become more sophisticated, 30% admit that these emails mimic an internal source, increasing the challenge to identify whether a source is legitimate or not for employees who may not have seen their colleagues since March 2020 / for over a year.

Mimecast research also found that 56% of IT directors agree that COVID-19 has led to far more attempts at cyberattacks via email and 54% believe these attacks are more sophisticated than before. Combine this with a workforce facing extended remote working and it’s clear that IT teams face many challenges when it comes to securing email. With Mimecast’s recent State of Email Security report finding a 64% year-over-year increase in email threat volume, it has never been more important for organisations to invest in their email security.

And with ransomware attacks becoming more commonplace, poor email security is a risk that businesses simply cannot take.

Email platforms alone aren’t keeping businesses secure

Email remains the number one attack vector for these criminals to exploit, making it imperative that organisations ensure email security is up to scratch. Despite 56% of businesses believing email platform protects them against all forms of email-based attacks, Mimecast research shows that this isn’t the case.

More than half of all IT directors report that their current email platform doesn’t provide essential security functionality: only 45% have spam filters built in, while a mere 42% have malware protection or email backup. More worryingly, 60% don’t provide antivirus protection.

Sophisticated security features are even more scarce: 56% of respondents admit their email platform does not provide ransomware or anti-phishing protection, 64% say it lacks protection against Business Email Compromise (BEC) and 65% confess it doesn’t provide zero-day threat protection.

As a result of this, only 53% are confident that if a cyberattack breached their email perimeter, the attack would be identified and countered before it could do further damage to their network. Clearly, many organisations are relying on an email platform that doesn’t provide adequate protection. To make matters worse, the widespread use of email platforms makes them an easy target for hackers. In April alone, our data found that 61% of the links in phishing emails impersonated Microsoft products. These lookalikes are becoming increasingly sophisticated, making it harder than ever for the recipient to identify the real from the fake.

Taking a holistic approach to email security

To overcome the growing security issues they face, organisations need to adopt a holistic strategy that addresses all threats at once, starting with external emails delivered to the corporate network, all the way to information shared by staff internally. Yet, technology is only one part of the puzzle: companies also need to ensure they are empowering their staff to better spot potential threats and avoid falling into the traps hackers lay out for them. To do so, many companies are now organising cybersecurity awareness training sessions.

These training modules allow even the least tech-savvy employee to develop the right behaviours. Our research shows that users who receive awareness training are five times less likely to fall for malicious emails containing dangerous links, than those that didn’t get trained. By training people, companies are also reducing the need for the IT team to solve cybersecurity challenges – something that 20% of IT leaders still have to do more than once a day. This approach to cybersecurity brings together both defence and intelligence across multiple security layers, which include hardware, software, people, processes and partners, to enable organisations to overcome the lost visibility of internal and outbound email threats. This provides them with a clear, effective way to detect attacks that are underway and take quick action to prevent them before completion, and to educate users to prevent compromised accounts in the first place.

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive