A staggering 96% of organizations say that e-mail phishing scams pose the biggest security risk facing their businesses over the next year.
A further three quarters (76%) say the greatest and most persistent threat is the careless insider who unthinkingly clicks on malicious links, placing their companies at higher risk of falling victim to phishing, ransomware, CEO fraud scams, and other types of malware.
Social engineering was identified as a major concern by 70% of respondents.
These were some of the findings of the annual ‘The State of Email Security 2019 by Mimecast, a security awareness training provider,
The survey polled 600 organisations around the world in mid-2019 on the major security issues they will face in the next 12 to 18 months.
A relatively new term in the malware vocabulary, ‘CEO fraud’ is a scam in which attackers spoof company e-mail accounts and impersonate executives in an attempt to trick an employee in accounting or HR into executing unauthorised wire transfers, or sending out confidential tax information.
Budgetary constraints
“One-third or 30% of respondents don’t have a separate security budget and another 13% say the organisation’s security budget is less than $25,000 annually.”
When it comes to adversaries, it was acknowledged that the hacking community is growing increasingly sophisticated, with nearly half or 46% of respondents saying they feared their organisations may fall victim to a targeted attack.
Dealing with threats
Most enterprises (86%) claimed they have proactively amplified security initiatives over the last year to combat the increase in cyber attacks, and 89% say they’re currently better equipped to deal with security threats than they were the previous year.
Encouragingly, only 6% believed their firms were less prepared to deal with security issues in 2019 than they were the same time a year ago.
Highlights of the ‘The State of Email Security 2019 by Mimecast.
96% of organisations say that e-mail phishing scams pose the biggest security risk facing their businesses over the next year.
76% say the greatest and most persistent threat is the careless insider.
Only 14% of those surveyed are concerned about insider attacks from existing employees.
30% of respondents don’t have a separate security budget
Half of participating companies report their security and IT staff are overworked and 40% say their organisations will face a shortage of skilled security professionals within the next 12 months.
82% of respondents say proactive security maintenance, such as installing upgrades and patches, is a top priority over the next 12 months.
Some 27% of respondents raised a concern about their organisations’ inability to identify, quickly respond to and shut down hacks.
Only 18% of those surveyed calculate the hourly cost of downtime related to security hacks.
A 53% majority allow employees to access the corporate network and data using BYOD. However, only 39% of respondents currently have a plan to respond if a BYOD such as a laptop, tablet or smartphone is hacked, stolen or lost.