89% of organisations experienced at least one successful email breach in the last year
21st April 2022
Cyren and Osterman Research have surveyed organisations that use Microsoft 365 for email and gathered data on email breach types, including phishing, email compromise and ransomware attacks, as well as companies’ readiness to deal with such cyber incidents.
Fewer than 50% of those who participated in the survey said that their companies successfully block serious threat emails (particularly ransomware). So it comes as no surprise that less than half of the organizations polled rank their current email security as effective. Ranked least effective was protection against impersonation, closely followed by the weak detection of phishing emails, which seems to be a common problem among all organisations.
RiskXchange recognises the growing threat of impersonation, where malicious actors are using typosquatting to impersonate companies' brands to defraud their users and harvest credentials or spread disinformation. That’s why we offer a Digital Risk Protection solution for companies of all sizes to prevent any digital security risks. You can book a free demo with one of our experts here.
What are the statistics on email breaches?
According to the research, the number of email breaches has doubled since 2019, and 89% of organisations had to deal with one or more successful email breaches in the previous 12 months. Most of them were successful phishing attacks, compromising users’ credentials.
Despite certain security measures being in place, with half of the organisations using an automated email client plug-in for reporting suspicious emails, phishing attacks have increased by 44% and successful ransomware attacks have increased by 71% in the last three years. So, what goes wrong?
The need for better training
As we have previously discussed in the biggest cybersecurity mistakes in the workplace, companies must educate all their employees on email breach threats, such as phishing and other hacking techniques.
The research found that 99% of organizations offer cybersecurity training at least annually, but only one in seven companies provides email security training monthly.
“Training more frequently reduces a range of threat markers. Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing or ransomware threat is less than organizations only training once or twice a year,” says the report.
Additionally, when employees reported suspicious emails, the survey found that only a fifth of organizations analyzed the reported messages for maliciousness.
Email breaches are costly
It is much cheaper to prevent an attack than to deal with the huge costs that follow a successful one. These costs include post-incident remediation, manual removal of malicious messages from inboxes by the IT department, cybersecurity analyst turnover and regulatory fines.
Get in touch with RiskXchange to find out how you can prevent an email breach and better mitigate digital risks.