Four in five EMEA organizations faced an email-borne attack over the past year, with the frequency and cost of attacks increasing, according to new research from Barracuda Networks.
The security vendor polled 145 IT security leaders in small, mid-sized and enterprise businesses across the region as part of a wider global study into the email threat.
While 80% said they’d been hit by an attack in the past year, 73% claimed the frequency of attacks is increasing and 72% said the cost of email-related breaches is rising.
Those costs can sometimes be indirect: 65% claimed attacks distract IT teams from more pressing strategic priorities, over half (52%) said they impact staff productivity and over two-fifths (44%) claimed reputation and remediation can be expensive.
Unsurprisingly, 70% are more concerned about email security now than they were five years ago.
The findings chime with other industry figures: phishing represented 93% of all breaches investigated by Verizon in its 2018 Data Breach Investigations Report, and email-borne attacks accounted for 85% of the 66.4 billion online threats blocked by Trend Micro last year.
What’s more, the FBI claimed in its most recent IC3 report for 2017 that Business Email Compromise incurred the highest losses of any threat category, at over $676m.
Email threats increasingly aim to socially engineer the victim into clicking on malicious links, opening malware-laden attachments, divulging sensitive info or making unsanctioned bank transfers. So it was understandable to see 79% of respondents to the Barracuda report claim poor employee behavior is a greater concern than inadequate tools.
Unsurprisingly a large majority (89%) also claimed end-user training and awareness is increasingly important to combat this risk. Of some concern, however, is the fact that over a third (35%) of organizations in EMEA still don’t train employees on how to spot phishing attacks.