New research from Glasswall Solutions has revealed that UK businesses are continuing to expose themselves to hackers and zero-day attacks by failing to implement good email security practices.
More than half (58%) of office workers among 1000 employees surveyed at mid-to-large UK businesses admitted to often opening email attachments from unknown senders, leaving companies open to breaches from documents carrying malicious exploits hidden inside common file-types.
What’s more, despite the widely-publicized threat of social engineering, with cyber-criminals fooling victims by creating emails that appear to legitimately come from someone the recipient knows, as many as 83% of respondents said they always or usually open attachments if they appear to be from a known contact.
Speaking to Infosecurity Luis Corrons, PandaLabs technical director, Panda Security, said threats surrounding malicious emails pose a huge risk to companies, and a big part of the problem is that workers place too much faith in outdated security software built into their computers.
"Therefore they [employees] are careless about the consequences of opening attachments,” he explained. “At the very same moment one computer in your network is compromised, all hell can break loose. From there attackers will perform lateral movements to compromise more computers and gain access to confidential information.”
Employees clearly feel vulnerable; 75% of office workers recognized they often receive untrustworthy emails and 58% said they would feel safer from cybercrime if their employer had the right technology to protect them, whilst one in five said the business they work for has no policy on how to handle email attachments, or they have not been made aware of it.
“Employees need to trust their emails to get on with their work, but with 94% of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers,” said Greg Sim, CEO, Glasswall Solutions.
“Instead of relying on a failed combination of outdated anti-virus defenses and the vigilance of their hard-pressed employees to protect them, businesses need innovative technology that stops all the threats in email attachments before they enter a network”, he argued.
These were sentiments echoed by Corrons, who added:
“Businesses have to step up and go for full EDR (Endpoint Detection & Response) solutions that classify everything that is executed on each workstation and server, monitoring in real time all processes and generating forensic information.”
There is no excuse for complacency or defeatism, Sim said, and businesses need to take steps to put themselves back in control instead of becoming yet another expensive, high-profile victim of hacking.