Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Database
    • IT Management

    Key Trends That Fuel Phishing Inside an Enterprise

    By
    CHRIS PREIMESBERGER
    -
    September 7, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Email.hackers

      As we increasingly connect personal email addresses with access to cloud services, web apps and SaaS-based systems, the security of old-fashioned but “killer app” email has become more important than ever. For example, think about all the times you log into a web application of some kind and use your IDs from Facebook, Google, Yahoo or LinkedIn, which are usually email addresses.

      Despite the fact that enterprises have invested billions in cybersecurity training and point solutions, the problems aren’t going away anytime soon.

      The FBI reported that business email compromise (BEC) attacks enabled cybercriminals to steal more than $12 billion from October 2013 to May 2018. In 2017, that represented 48 percent of all internet crime-driven financial loss. Meanwhile, Verizon’s latest Data Breach Investigations Report showed that despite an emphasis on security training, one in 25 people will respond to any given phishing attack – not surprising as they have become both highly targeted and more sophisticated.

      In this eWeek Data Point article, using industry information and data from GreatHorn, which specializes in cloud-native email security, we identify key trends fueling phishing’s success within the enterprise.

      Data Point Trend No. 1:  The Email Perception Gap

      There is a stark difference in the average worker’s perception of email-based threats within the enterprise and the perception of security personnel. Two-thirds of non-security workers claim to never see any email threats besides spam, whereas 56 percent of security professionals see them at least weekly, in the form of impersonations, wire transfer requests, W2 requests, payload attacks/malware, business services spoofing, and credential theft.

      The biggest challenge businesses face in email security is trust. Workers are clearly dismissing all unwanted messages as spam, and often mistakenly believe that their work email systems are inherently secure which makes them highly susceptible to phishing and social engineering attacks, especially as those attacks become more and more sophisticated.

      Data Point Trend No. 2:  Different Infrastructure, Different Email Security Strategies

      The average business uses three separate email security solutions but there are some significant differences in security postures of businesses that use on-premises infrastructure versus cloud-first organizations.

      On-premises companies were far more likely to use stand-alone anti-virus/anti-spam solutions, user awareness training and firewalls than their cloud counterparts. Meanwhile, cloud companies were far more likely to either use nothing, or simply “native cloud-email features.” Google, Microsoft and other cloud providers have significantly improved their security features but outsourcing the entire email security responsibility to cloud providers is a dangerous proposition, because cybercriminals have proven themselves capable of bypassing email filters and other anti-phishing technology.

      Data Point Trend No. 3:  Basic Email Threats are Pervasive

      It’s not just ultra-sophisticated and personalized phishing attacks that reach workers: 1 in 6 see basic payload attacks bypassing their email security defenses, despite being arguably the most heavily guarded against threats. In addition, security professionals report the following:

      • 19 percent report that they have weak or no remediation capabilities if an email threat reaches an end user;
      • 21 percent believe their email security solution negatively impacts business operations (e.g. too many false-positives);

      So not only are rudimentary email threats successful, but the security strategies organizations use are impeding the business. Meanwhile, the lack of good remediation options built into email security strategies make it difficult to mitigate the damage.

      Data Point Trend No. 4:  Impersonations are Still Phishers’ Weapon of Choice

      Overall, nearly half (46 percent) of all business professionals see executive, internal, or external impersonations, with that number jumping to 65 percent among email security professionals. Business services spoofing was the second most prevalent email threat respondents experience, followed by wire transfers, credential theft, and payload/malware.

      Data Point Trend No. 5:  Phishing Overwhelms Security Pros

      Sixty-five percent of respondents reported fundamental technical issues with their existing email security solution. This figure, taken with the fact that two-thirds of email security professionals acknowledge that email threats make it past defenses and into inboxes, demonstrates the failure of the binary email security philosophy that has dominated the industry. It’s not reasonable to believe that enterprise can stop 100 percent of all potential threats while simultaneously delivering a low false positive rate. Enterprises should assume that some amount of malicious mail will always find a way to reach employees–regardless of the company’s security posture.

      Data Point No. 6:  Summary

      Cybercriminals’ window of opportunity becomes a barn door if IT and security professionals aren’t implementing basic email security hygiene. Forty percent of business professionals need to routinely take significant remediation actions – such as Powershell scripts, shutting down compromised inboxes, etc. – to counter basic attacks that are delivered to their inbox.

      A Sisyphean mindset has created complacency around how good email security can really be. Nearly half of all respondents (46 percent) were “less than satisfied” with their current email security solution, with only 10 percent indicating they were “very satisfied.”  Senior-level executives agreed and were much more likely to be actively “dissatisfied” or “very dissatisfied” by their email security solution (20 percent compared to 12 percent for the general population).

      If you have a suggestion for an eWEEK Data Point article, email [email protected].

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×