In Part 1 of this summary of the Mimecast State of Email Security Report 2019, we discussed the data indicating that IT teams are struggling to keep up with email-based threats. Because the primary email attack methods – business email compromise (BEC), phishing, spoofing, ransomware and internal threats – are all on the rise, the majority of IT decision-makers lack confidence in their ability to stop an attack.
According to the Mimecast report, there’s a 30 percent chance you’ll experience a major data breach, a 25 percent increase from 2014. And suppose you do suffer a data breach from an email-based attack. Average cost? Nearly $4 million.
Most organizations don’t consider the full picture of the aftermath of a data breach. There’s more to it than recovering and restoring your data, applications and systems so you can resume normal business operations. Security incidents need to be investigated and remediated. You may have to respond to a compliance audit. If your data was exposed or lost, the attacker could plan to use it against you or sell it on the dark web. Those affected, including your customers, need to be contacted. Your reputation could be irreversibly damaged and you could very well lose customers.
Nearly three-quarters of organizations that encountered a BEC attack in the past 12 months experienced a direct loss of data (39 percent), money (29 percent), or customers (28 percent). More than a quarter (26 percent) said their reputation suffered. The average downtime from a ransomware attack was three days. Can you imagine the consequences of your organization not being able to fully function for that long?
The report found that human error was a contributing factor in more than 90 percent of data breaches. Mimecast also conducted a phishing simulation at a company that does not provide employee awareness training. Twelve percent of employees clicked on a link in a phishing email, and more than half of those clicked in less than a second!
Obviously,cybersecurity awareness training can dramatically reduce the risk of a successful, email-based attack. In fact, the Mimecast report cites a separate study that showed employee knowledge of security topics increased by 400 percent after training. However, training is much more likely to work if it’s frequent enough to account for the latest threats, engaging enough to be remembered and applied, and brief enough to avoid overwhelming your employees.
Current, reliable threat intelligence is also critical to preventing attacks. Rather than focusing solely on indicators of a compromise after a threat has entered your network, gather threat intelligence that email security systems can use to keep threats from reaching employee inboxes. Nearly half (44 percent) of respondents said threat intelligence is an extremely important asset, and 55 percent said it will be extremely important in the next 12 months.
ICG’s hosted email solution features Mimecast security to protect your employees and organization from advanced, email-based threats. Cloud email from ICG provides powerful security and the familiar user experience of Microsoft Outlook without the headache of managing your own email server. Let us implement a secure, reliable email system that helps you avoid the costly consequences of a data breach.