Whether its ransomware or phishing attempts, email threats are a top risk to organizations' security. According to new data from Dimensional Research and Barracuda Networks, email threats are rising and remain a top concern for businesses.
More than 600 executives, individual contributors and IT security team managers from organizations large and small across all sectors and around the globe participated in the study. The 2018 Email Security Trends report found that email threats continue to increase, which is increasingly impacting the productivity of employees.
When asked about the understood pervasiveness of email security threats, 87% of respondents said their company faced an attempted email-based security threat in the past year. More than one third of those surveyed admitted that they have already experienced a ransomware attack, yet the threat of ransomware remains a concern for 88% of respondents.
Over the past year, the number of email-based attacks has increased for 81% of the survey participants, with a quarter of respondents reporting a dramatic increase and more than half (51%) identifying attacks have somewhat increased.
“Poor employee behavior is the main concern for most, not the tools that organizations have in place to stop threats. This has always been conventional wisdom; the data now backs it up,” the report said.
An overwhelming majority (90%) of professionals said email archiving is critical, as it delivers the benefits of maintaining an audit trail for compliance purposes and affords them the ability to investigate suspicious activity while cutting costs for e-discovery requests.
“Larger businesses are more concerned about Office 365 email security; smaller businesses are less concerned. While the differences are fairly minor, this could be because larger companies have more data at risk in Office 365, due to having broader deployments rolled out that include SharePoint, OneDrive and other applications,” Barracuda wrote in a press release.
In considering how to mitigate the risks of email-based threats, participants of the study unanimously agreed that end-user training is important to preventing attacks. Tactics that the professionals identified as two most beneficial aspects of end-user training include phishing simulations and social-engineering detection, with nearly all respondents (98%) agreeing that end users find little relevance in traditional classroom-based education.