State of Email Security Report 2021 – The Findings
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
In its report, Mimecast detected an upsurge in email-based cyber-attacks in the wake of COVID-19 with email-borne malware, phishing attacks, and ingenious social engineering tactics targeting a remote and disoriented workforce. To help you take stock, we’ve summarised the key findings of the report and which security challenges to think about in 2021 and beyond.
The Impact of the COVID-19 Pandemic
2020 saw businesses worldwide swap offices and meeting rooms for email, instant messaging, and video conferencing. Sensitive business information is now discussed across collaboration tools and extended email threads instead of face to face. Employees are adjusting to a new working environment with household distractions. And unfortunately, the swell of digital activity and uncertainty has presented cybercriminals with an unprecedented opportunity to take advantage. Some of the key trends attributed to the global pandemic in Mimecast’s State of Email Security Report include:
- 64% increase in email-based cyberattacks.
- 47% of survey respondents witnessed an increase in email spoofing activity.
- Employees are three times more likely than before to click on malicious URLs.
- Phishing has been the predominant threat, with 63% of respondents facing a surge in targeted malicious emails.
- 51% of respondents reported an increase in Business Email Compromise (BEC) attacks, a significant year-on-year rise.
The Rise of Ransomware
The impact of ransomware has been growing each year in Mimecast’s State of Email Security Report and is now affecting more businesses across all regions and industries than ever before. This year, almost 80% of survey respondents indicated that their companies had experienced setbacks in 2020 due to a lack of cyber preparedness, and ransomware was identified as the primary cause of these disruptions. In relation to ransomware, Mimecast reported:
- Over 60% of companies were disrupted by a ransomware attack in 2020, a 20% increase on the previous year.
- Businesses lost an average of six working days to system downtime, with over a third affected for a week or more.
- More than half of ransomware victims paid the ransom, but a third never saw their data again.
The Lack of Cyber Preparedness
While most respondents either have email security systems in place or are looking to do so, many critical safeguards are lacking. A significant number of businesses are failing to monitor inbound and outbound threats, protect against data exfiltration, and remove malicious emails. While some companies have additional protections in place and are leveraging machine learning technology, many rely entirely on the safeguards provided by Microsoft 365 and are falling drastically short. This explains some of the key findings around cyber preparedness:
- Almost 80% of companies were hurt by their lack of cyber preparedness.
- 40% of respondents said their organisations fall short in one or more critical areas of email security, exposing employees to email-borne attacks.
- 43% of companies believe that employee naivete is one of their greatest vulnerabilities.
- Only one in five businesses have ongoing security awareness training in place.
The Need for a Cyber Resilience Strategy
While the pandemic seems to be slowing down, the threat of email-borne attacks is set to do no such thing. Cybercriminals will continue to exploit any and all vulnerabilities. That means focusing on employees who continue to work remotely as well as those transitioning back to the office. The chief deterrent is the scope and depth of a business’s cyber resilience strategy. Microsoft 365 is good, but a layered defence is much better. This is what gives companies the ability to prevent and adapt to new threats and quickly respond and recover from attacks.
44% of respondents already have a cyber resilience strategy in place and feel more confident in their ability to withstand email-borne attacks. It goes to show that building a holistic approach of layered email defences coupled with security awareness training is the best way to protect your business.
How to Protect Your Business
Over two-thirds of businesses are expecting a disruption due to an email security attack in 2021, which means it pays to be prepared. Mimecast’s State of Email Security Report can help you deliver continuous improvements to your cybersecurity posture moving forward into the post-COVID world.
If you want to bolster your defences, at InfoTrust, we offer a comprehensive approach to securing your email ecosystem. Contact us today to find out how we can help protect your business now and into the future.