The fact that email is the single biggest threat vector won’t come as much of a surprise to most cybersecurity professionals. But the fact that the costs associated with those attacks are increasing is becoming a bigger concern.
According to a survey of 634 cybersecurity professionals conducted by Barracuda Networks, a provider of email cybersecurity software and services, the cost of an email security breach has increased for 81 percent of respondents. What’s more, 22 percent said the frequency of email-based cybersecurity attacks in the last 12 months has increased dramatically, while 59 percent said it has increased somewhat. The two biggest sources of those costs are IT personnel being pulled off other projects (67 percent) and loss of employee productivity (61 percent).
A full 87 percent of IT security professionals said their company faced an attempted email-based attack in the past year, and 75 percent said they are more concerned about email security now than they were five years ago.
The root cause of the attacks was attributed to poor employee behaviors by 84 percent of respondents. Mike Flouton, senior director of product marketing for Barracuda Networks, said that explains why a lot more time and focus is now being placed on training employees to better recognize phishing attacks. A full 90 percent of the survey respondents identified employee training as either critically or very important, and 77 percent said their organization is actively training end users.
Three-quarters of respondents noted that ransomware attacks arrive via email. More than a third (35 percent) acknowledged their organization has already been a victim of ransomware. The survey found most of those attacks are targeted at specific individuals, with members of the finance organization being the most frequent focus, Flouton said. Only 12 percent of the respondents acknowledged paying a ransom to regain control of their data.
It’s now apparent that as cybercriminals become more adept at employing social engineering techniques to bypass cybersecurity infrastructure, the first line of defense is the employees being targeted by these attacks. The truth is even the most IT-savvy employees can be fooled by a well-crafted spear phishing attack that, for example, appears to be a legitimate message from a school their child is enrolled in. The fewer spear phishing attacks that succeed, the more likely it is that they will become less financially rewarding for cybercriminals.
The good news is that advances in machine learning algorithms and other forms of artificial intelligence (AI) will make it easier to identify email messages that don’t originate from a legitimate address or contain links to sites that might be in a suspicious location. Cybersecurity technologies also are getting better at containing ransomware attacks to limit the amount of data that might get compromised.
However, it may take a while for most organizations to have the time and resources needed to upgrade their cybersecurity defenses, which means that in the short term things might get worse before they get better. But eventually the state of the cybersecurity art will improve, forcing cybercriminals to go looking for a vector other than email to potentially exploit.