Email is the primary tool for business communications and it’s used across the globe by organizations of all sizes. So, it’s no surprise that email is also today’s No. 1 threat vector for cyberattacks.
The cyber threat landscape has evolved to a great extent. Today, email attacks are highly targeted and cybercriminals engage in extensive social engineering activities to learn information about their targets in order to craft personalized emails.
Such targeted and sophisticated phishing attacks have a higher success rate than mass campaigns. Users implicitly trust a familiar name or email with personal information. These email may contain malicious attachments, weaponized URLs to deliver malicious payloads, phishing websites with fake login pages to steal login credentials, or malware-less email that seeks confidential information or a wire transfer.
With the changing threat landscape, coupled with the lack of human and financial resources to keep pace, organizations find themselves as susceptible targets for email-based attacks, such as spear-phishing and CEO fraud/business email compromise (BEC).
To that end, SonicWall recently worked with the Osterman Research and surveyed organizations to understand:
- What are the top concerns for IT security decision-makers?
- Why are cyberattacks succeeding?
- How do you evaluate your current security posture?
Some of the key survey findings include:
- Cyber threats are becoming more sophisticated as well-financed cybercriminal gangs develop improved variants of malware and social-engineering attacks. The perceived effectiveness of current security solutions is not improving – or is actually getting worse – for many organizations.
- Most decision-makers have little confidence that their security infrastructure can adequately address infections on mobile devices, CEO fraud/BEC and preventing user’s personal devices from introducing malware into the corporate network.
- To address the worsening threat landscape, security spending at mid-sized and large organizations will increase by an average of seven percent in 2018 compared to 2017.
The white paper also discusses the level of confidence that security professionals have in defending against these advanced threats. For example, 58 percent of those surveyed believe that their current solutions to eliminate malware before it reaches end users are either “very good” or “excellent,” and 55 percent believe that their ability to protect users from ransomware is this effective.
Unfortunately, things get worse from there: fewer than half of respondents believe their ability to block phishing attempts from end-users, eliminate account takeover attempts before they reach senior executives, and protect sensitive data is either “very good” or “excellent.”
Finally, some best practices that decision-makers must consider to protect against these advanced threats are:
- Deploy a multi-layer approach for email security
- View security holistically from cloud services to endpoint, with end-to-end monitoring
- Train all users, including senior executives
- Use adequate threat intelligence
- Establish detailed and thorough policies