We regularly discuss the prevalence, and pure dominance, of phishing attacks and their impact on email security and the world. We’ve previously proclaimed 2016 as having been the year in which phishing went mainstream, and predicted it to have an even greater impact this year. And we’re not alone – in fact, the SANS Institute revealed that 95% of all cyberattacks began with spear-phishing in 2016 and, according to Symantec’s July Intelligence report, “one in every 1,968 emails” during the 31-day month were malicious phishing messages – the highest rate in the past 12 months. Still, we wondered, what do security teams really think of the phishing epidemic?
In partnership with Crowd Research Partners, we surveyed over 500 cybersecurity professionals to find out just that. Our 2017 Email Security Report dives into their insights and details their perspective on email threat challenges and the most successful types of phishing attacks, in addition to the average phishing response time and the email security solutions they most value. Here are some highlights of what we discovered:
The top challenges facing security teams in relation to addressing email security threats are detection, mitigation and remediation. It only takes a few unaware or preoccupied employees downloading or clicking on a malicious email link or attachment to inadvertently provide attackers with access to sensitive corporate networks and data. Additionally, malicious emails continue to easily bypass legacy spam filters, firewalls, and gateway security scans that still inexcusably rely on email content scanning when analyzing messages. Quite frankly, security teams simply cannot keep up.
It’s becoming increasingly difficult to detect phishing emails with the naked eye, as they’re becoming much more sophisticated and targeted. Security professionals revealed that the phishing attacks most successful in tricking employees are email spoofing and impersonation. Unfortunately, email spoofing is pretty easy to enact. In fact, according to Huffington Post, “all a person needs to spoof an email address is a Simple Mail Transfer Protocol (SMTP) server and the appropriate email software.” Despite their simplicity, they’re wildly successful, as proven not just by this report – but by recent events. Just last month, for example, the Internal Revenue Service alerted the public to a new email phishing scam that looks like a joint notice from the IRS and FBI about new tax laws. Instead, when the recipient clicks on a link, ransomware infects and encrypts their data.
Unfortunately, nearly half of the respondents reported that it takes a day or more to remove a phishing email – leaving the hacker with free rein to roam the networks and steal corporate proprietary and customer information without consequence. With a manual remediation process and a skills shortage, it’s no wonder. According to ISACA, a non-profit information security advocacy group, there will be a global shortage of two million cyber security professionals by 2019. When time is of the essence, as it is with phishing, organizations must automate the remediation process or risk significant financial and reputational damage. The good news is, organizations are beginning to realize the need to go beyond the traditional reliance on employee awareness programs and phishing training to defend their networks.
In fact, 93% of the cybersecurity professionals surveyed agree that humans and technology must work together in order to better detect and respond to sophisticated email phishing attacks. This notion is what we’ve built our company around – and it’s one that’s finally starting to resonate. Simply put, organizations that rely on human intelligence and action alone are likely to remain a primary target for phishing attacks. Based on the time sensitivity and complexity of email phishing remediation, the combination of security awareness training with advanced technology is the only way to implement meaningful change to the email phishing attacks that propagate the majority of hacks.
Anti-Impersonation Email Security
Enter IronSights. Built to be every employee’s Virtual Security Analyst, our anti-impersonation email security tool proactively combats spoofing and impersonation emails in real time, aiding decisions and incentivizing users to report. All suspicious emails are visually flagged the second an email hits an inbox, and a quick button link inside the Outlook toolbar enables instant notification to security teams for further investigation or immediate remediation. By augmenting machine intelligence, IronSights significantly reduces the risk of human error in identifying malicious emails. With IronSights, organizations have a layer of defense at the mailbox level, ensuring unprecedented protection, enhanced decision making and immediate remediation.