See also: 5 Best Practices to Strengthen Email Security in your Organization

In its Q3 2021 Email Threat Report, Abnormal Security revealed that over 137 account takeover attacks occurred per 100,000 mailboxes for C-suite employees. The researchers observed a significant rise in credential phishing and brute force attacks, using which attackers obtained sensitive data like passwords and usernames.

The report identified advanced email attacks across eight major industry sectors: manufacturing, technology, retail and consumer goods, energy and infrastructure services, medical, media and television, finance, and hospitality.

Key Findings

• 5% of all companies were targeted by brute force attacks in early June 2021
• 61% of organizations experienced a vendor email compromise attack this quarter
• 22% more business email compromise attacks since Q4 2020
• 60% chance of a successful account takeover each week for organizations with 50,000+ employees
• 73% of all advanced threats were credential phishing attacks
• 80% probability of attack every week for retail and consumer goods, technology, and media and television companies

Impersonation at its Peak

The survey also stressed that impersonation attacks have become prevalent since the beginning of the pandemic. Cybercriminals mimic popular brand names to trick their victims into providing private data like login credentials. Impersonation of internal systems like IT help desk and IT support rose 46% over the past two quarters.

“Socially-engineered attacks are dramatically rising within enterprises worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day. They don’t contain indicators of compromise, such as links, attachments, and reputational risks, so they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware. To effectively protect against these attacks, we can no longer rely only upon established threat intelligence. To baseline good behavior, we need to look further to comprehensively understand employee and vendor identities and their relationships, all with deep context, including content and tone. Any subtle deviations from this baseline expose the possibility of a threat or attack,” said Evan Reiser, CEO, Abnormal Security.

The increase in different kinds of impersonation and email threats represents the sophistication of threat vectors and stresses the need for robust email security practices.

The post Email Threats Continue to be Gateway of Major Cyberattacks appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

In a BEC attack, hackers use social engineering tactics to steal the credentials of business email accounts. Further, BEC emails are sent to unwitting employees by spoofing the identity of high-ranking executives. Threat actors trick employees into performing activities under the guise of legitimate business operations.

Increase in BEC Attacks

Though BEC emails do not have any malware payloads, they can cause severe financial damage to the victim organizations via various fiscal fraud campaigns. As per the 2021 Business Email Compromise Report, BEC attacks are the most financially damaging security threats. Out of all security incidents reported by organizations in 2020, BEC attacks accounted for 50%, resulting in other kinds of threats like loss of data (16%), compromised accounts (36%), and payment fraud (16%).

Three Steps to Prevent BEC Attacks

Despite implementing several email security measures, organizations are still suffering from BEC attacks. Here are the three Ps you need to defend your organization from BEC threats:

1. Monitor Your ‘Process’

BEC email attackers usually target employees in the financial department to clear payment approvals by impersonating the company’s C-suite executives. Organizations should enhance their payment approval process to ensure that every payment request is legitimate. Organizations should re-evaluate their payment authorization policy to avoid misuse of the process. Instead of allowing unlimited authorization to a single individual or department, organizations should establish multiple approval levels for any payments.

2. Educate Your ‘People’

Email spoofing and spear-phishing attacks are the most common type of BEC attacks. Employees should be able to identify phishing emails/messages to avoid unnecessary mishaps. A single act of an ignorant employee could cost a fortune to organizations. Employees in every department need to recognize the sender before clicking on links sent via external sources. Human firewall is crucial to disinfect human error.

3. Enhance Your ‘Protection’

Ask your employees to follow basic email hygiene practices to prevent unauthorized intrusions. While deploying the latest anti-virus software, thwarting malicious payloads distributed by email and implementing email authentication services like DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) will prevent email spoofing. Besides email security, enforce strong password and authentication management policies to boost the security of business email accounts.

Wrap-up

Simple mistakes could disrupt the entire organization’s security defense and risk its most valuable asset – data.  Hence sound security practices – from authentication to awareness – are key to enterprise cyber hygiene.

About the Author:

 

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

Read More from the author.

The post These are the 3 Ps for Thwarting BEC Attacks appeared first on CISO MAG | Cyber Security Magazine.

The survey “Anatomy of a Compromised Account” revealed that 50% of compromised accounts in phishing attacks are accessed within 12 hours. It also found that cybercriminals try to exploit the stolen credentials as quickly as possible. In its six-month investigation, the Agari Cyber Intelligence Division (ACID) deployed more than 8,000 phishing sites mimicking popular brands such as Microsoft Account, Microsoft Office 365, and Adobe Document Cloud login screens. After submitting the login credentials, the research team linked individual phishing attacks to specific actors and their post-compromise actions to understand the lifecycle of the compromised account.

Key Findings

• One in five accounts were accessed within the first-hour post-compromise.
• Over 91% of all accounts were manually accessed by threat actors within the first week.
• Scammers were located in 44 countries worldwide, with 47% in Nigeria.
• Nearly a quarter of compromised accounts were automatically accessed at the time of compromise to validate the authenticity of the credentials.

How Attackers Exploit Compromised Accounts

Threat actors created fake applications including Microsoft OneDrive and Microsoft Teams to send phishing emails to targeted users and use the compromised accounts to set up additional Business Email Compromise (BEC) infrastructure. The research team claimed that scammers gained access to the compromised accounts to send vendor scam emails to high-profile employees who have access to the company’s financial information. The hacked accounts were also used for sending malicious emails and using the accounts to register for additional software to run their scams.

“Business email compromise or BEC remains the most prevalent threat in email security, and when cybercriminals gain access to legitimate email accounts, the problem is magnified. This research provides key insights into how cybercriminals use these accounts and underscores the importance of securing your email environment against credential phishing attacks from the beginning,” said Patrick Peterson, founder of Agari.

Scammers Found Using Compromised Credentials

The researchers stated that they have detected the actual location of cybercriminals associated with 41% of the compromised accounts. Most scammers are located in places like Eastern Europe, Russia, or North Africa. While Nigeria may be the primary location for users of compromised credentials, the second-most common location was the U.S., followed by South Africa, the UAE, the U.K., and Turkey.

BEC attacks are increasing exponentially. It is a severe security concern for organizations without proper security measures in place to protect against BEC and account takeover attacks.

The post This is How Credential Phishing is Used to Compromise Email Accounts appeared first on CISO MAG | Cyber Security Magazine.

In an email interaction with Augustin Kurian, Assistant Editor of CISO MAG, Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock, discuss the increasing cyberthreats given the current social apps scams making consumers vulnerable.

Chopra is responsible for developing and implementing strategies to drive the adoption of NortonLifelock products among consumers in the sub-continent. He champions NortonLifelock’s partner strategy in India and manages OEM/ISP and online channel relationships. Chopra also held the position of Country Manager until June 2018 before being promoted and has been with the company since 2012.  With over 20 years of extensive experience in the technology sector, he is a sales and marketing strategist in India and Asia-Pacific regions. He has been recognized with Six Sigma qualification and has successfully conceptualized and implemented multi-tier channel loyalty programs in his previous role with Seagate, Singapore.

In the interview, Chopra has also provided insights on the growing usage of the dark web as well as key findings from the NortonLifeLock Digital Wellness Report.

Email addresses were the most common piece of PII shared with apps and were shared with 48% of the iOS apps and 44% of the Android apps analyzed. With the rise of the dark web, do you think better nationwide cybersecurity regulation can bring in a lot of difference?  

Personally, Identifiable Information (PII) such as medical records, bank details, passwords, phone numbers, and email IDs are most targeted by cybercriminals. Cybersecurity regulations will certainly help in making a difference in how data is handled on the dark web. But consumers also need to be aware of the kind of data that is shared through apps. Certain apps can enable attackers to mine information from the device in the background, even without the user’s knowledge. Unlike desktop users, smartphone users cannot see the entire URL of the site they are visiting, which makes them vulnerable to phishing attacks. Such threats can be avoided, to an extent, by using strong passwords, avoiding using public WiFi, watching out for phishing emails, regularly backing up important data, and keeping all apps and operating systems up-to-date. Amidst the evolving cybersecurity landscape, it is imperative for individuals to invest in robust anti-theft device security to ensure digital safety.

COVID-19 changed the cybersecurity landscape. It is now even more important for companies to support the security of their workforce – regardless of geo-location or platform. With myriad compliance and regulations norms varying from country to country, how should a company ensure that best practices are in place across their offices globally? 

The COVID-19 pandemic has changed the way we work; the concept of “remote working” is gaining popularity. While people seek opportunities that allow remote work, they must also equip themselves with cyber safety and data protection tools. There are some basic measures you can adopt to avoid falling prey to cyberattacks:

• Speak to your employer to understand the policies that help keep you, your co-workers, and the business safe.
• Always use the company’s tech toolbox, as it likely includes firewall and antivirus protection and security features like VPN and two-factor authentication.
• Beware of coronavirus-themed phishing emails used by cybercriminals. Immediately report such phishing attempts to your employer.
• Keep your VPN turned on, as it provides a secure link between employees and businesses by encrypting data. A VPN helps keep information secure from cybercriminals and competitors.
• While working remotely, it is important to understand that online safety is a shared responsibility that begins at the individual level.

As far as PCs are concerned, people are increasingly using paid software. They are even adopting security products for ‘Mac’ machines. But the mobile side continues to present a challenge. We are seeing people adopt VPN and mobile security products; however, it still appears to be a bit further away from what we would want it to be.

India witnessed several state-sponsored attacks during vaccine development. Even the vaccine makers are being targeted in nation-state attacks. What can the country and its cybersecurity divisions do to combat these threat vectors?

Scammers and cybercriminals have been exploiting the COVID-19 pandemic and, more recently, the ongoing vaccination drive, to create new hooks to lure victims. Although the authorities have been warning people to watch out for scams on such themes, there has been a huge increase in the number of phishing scams since the pandemic began. Cybercriminals are sending emails that appear to be sent by government agencies, employers, and other global health organizations, inviting users to click on what, in reality, are malicious links.

Consumers can adopt some basic measures to falling prey to cyberattacks:

• Beware of online requests for personal information. A coronavirus-themed email that seeks your personal data is likely to be a phishing scam. Legitimate government agencies will not ask for such information. Do not respond to such emails.
• Check the email address or link. You can inspect a link by hovering the cursor over the URL to see where it leads. Sometimes, it is obvious the web address is not legitimate. Even otherwise, be careful, because phishers can create malicious links that closely resemble legitimate addresses.
• Phishing emails are unlikely to address you by your name. Greetings like “Dear Sir or Madam” is an indication that email might not be legitimate.
• Avoid emails that urge you to take immediate action. Phishing emails often try to create a false sense of urgency. The goal is to get the user to click on a link and divulge personal information. If you receive a suspicious-looking email of this type, delete it.

Millennials top the charts in online transactions as compared to women and Gen X who are most complacent about security, yet trends indicate Gen X to be more susceptible to cyberattacks than millennials. Do you think it is completely around digital literacy, or there is more to this trend?

The lines between the virtual and the real world have blurred today. Individuals, irrespective of their age or generation, are vulnerable to cyberattacks when they use public or private networks if they do not have any cyber safety solutions installed on their systems. Individuals often neglect to log out of their social media accounts and apps. This habit needs to change. We must bring some good practices from the real world into the virtual one. Just like how we lock the main door before going to sleep, we should log out of emails and social media accounts, and online banking sessions, once we are done using them.

We often download free apps and, often, without thinking, permit them to access different features and data on our device. If something like a weather app asks us to grant access to our contact list, it should give us pause for thought. We need to read the terms and conditions a careful read too, rather than accepting them blindly. It is advisable to install an application scanner to check for security vulnerabilities and a VPN to mask our identity.

Data from our Digital Wellness Report reveals some interesting facts:

• 81% of the respondents in the survey were using parental control mechanisms on their devices, while 70% knew that connecting with strangers while playing online games could lead to problems like cyberbullying.
• The report found that female respondents (84%) were more aware than men (74%) about security threats and that they had security software installed on their smartphones.
• 71% of female respondents (versus 63% of male respondents) concerned themselves with app privacy and permissions on their phones.
• Gen Z users (95%) were found to be more proactive than millennials (94%) and Gen X users (90%) in adjusting the privacy permissions on their phones.

According to our 2019 NortonLifelock Cyber Insight Report:

• 40% of millennials reported having experienced cybercrime in the past year.
• Nearly 3 in 10 people said they cannot detect a phishing attack. Another 13% said they have to guess between a real message and a phishing email. Thus, 4 in every 10 people were vulnerable to phishing.
• 86% of respondents said they may have experienced a phishing incident.
• 7 in 10 respondents wished they could make their home Wi-Fi network more secure.
• 27% of respondents believed it was likely their home Wi-Fi network could be compromised.

At present, fintech is one of the most regulated industries in the world. But the key challenge is the presence of too many governing bodies but no universal standards – a singular regulatory policy or framework for the industry is lacking. Do you feel there is a need for a standard set of compliance and regulation for fintech and cryptocurrency?  

You’ve probably heard of Bitcoin. But what about Ethereum? Or Tether and Polkadot? What are these? They’re all examples of cryptocurrency – a digital currency that you can buy with real money and then spend in online transactions. It’s true that you probably can’t buy a meal at your favorite restaurant with Bitcoin or rely on Ethereum to fill your car’s gas tank. But cryptocurrency is becoming increasingly more popular and valuable. Coindesk.com, which covers cryptocurrency, reported that, as of January 2021, the total value of all cryptocurrencies topped $1 trillion for the first time.

New cryptocurrencies emerge frequently. Coinmarketcap.com listed more than 4,100 types of them in an early 2021 price index published on its site. But what do these digital currencies mean to you? Do you need to learn how to purchase them and spend them? Probably not. But while digital money isn’t a necessity, it does have its uses. Users of cryptocurrency say that digital transactions closed with cryptocurrency are more secure than those using credit cards.

As cryptocurrencies become more popular, so do the scams associated with them. Some scammers set up fake cryptocurrency exchanges. You might send real money to buy Bitcoins that don’t exist. Once you send your funds, they are gone, and your crypto wallet remains empty. To avoid such scams, only buy cryptocurrency from reputed exchanges. Don’t do business with exchanges that seemingly pop up out of nowhere.

What kinds of changes should be made during vendor sourcing and onboarding processes? And how much of the responsibility must fall on the CISO? 

Data beaches have a direct negative impact on at least three very important aspects of a brand: presence, affinity, and trust. In the age of social media, negative news can affect not only people’s perceptions about the company but also the company’s financial prospects. Customers might stop engaging with the brand completely or engage at a significantly lower level than before.

Data security has, for long, been viewed as a “hygiene” factor by many businesses and consumers. However, in today’s interconnected world, where data is more valuable than ever and a company’s reputation is based on its ability to protect customer data and establish digital trust, cyber safety and data security are no longer a mere hygiene exercise, but a business differentiator.

There are no set rules for building a security framework, and no system can guarantee 100% protection against all threats. However, imbibing a culture of security within the organization and ensuring the independence and empowerment of the CISO indicates that the organization is serious about cyber safety and data security. It also ensures that critical security-related changes within the organization can be effectively taken care of by the CISO.

About the Interviewer

Augustin Kurian the Assistant Editor of CISO MAG. He writes interviews and features.

 

The post Mobile Side of Technology Adoption Still Continues to Present a Challenge appeared first on CISO MAG | Cyber Security Magazine.

The NCSC’s defense system took down over 15,000 COVID-related malicious campaigns last year and blocked nearly 260 Sender IDs for sending malicious SMS messages. In addition, the agency prevented over 166,000 phishing URLs, in which 65% were within a day and 2.3 million suspect emails were forwarded to its new Suspicious Email Reporting Service (SERS).

The NCSC also highlighted that it performed threat hunting on 1.4 million National Health Service (NHS) endpoints, and scanned over one million IP addresses to detect security weaknesses and applied its Active Cyber Defense services to 235 frontline health care providers with web, email security, and DNS protection.

Paul Chichester, NCSC Director of operations, said, “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic. Working with our allies, the NCSC is committed to protecting our most critical assets and our top priority at this time is to protect the health sector. We would urge organizations to familiarize themselves with the advice we have published to help defend their networks.”

NCSC’s New Vulnerability Reporting Toolkit

Recently, NCSC released a new “Vulnerability Reporting Toolkit,” which is intended to help organizations manage their vulnerability disclosure processes in a simplified manner. The Toolkit is helpful for all types of organizations that are planning to implement a vulnerability disclosure process in their system. Read more…

The post 1 in 4 Cyberattacks Handled by U.K.’s NCSC Were Related to COVID-19 appeared first on CISO MAG | Cyber Security Magazine.

Employee: the Root Cause

According to the report, the tiredness and stress in employees were the primary reasons for email data breaches, while remote working was cited as the second common reason. When asked about the impact of data breaches, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27%, and legal action was brought against them in 28%. At an organizational-level, 33% said it had caused financial damage and led to an investigation by a data regulatory body.

Lack of Email Security Tools

The research also highlighted that 16% of respondents had no technology in place to protect data shared by outbound email. 44% said they have message level encryption and 45% said they have password protection for sensitive documents; however, employees had not used the technology provided to prevent the breach in one-third of the most serious breaches suffered.

 Key Findings

• Organizations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours.
• The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%).
• 62% rely on people-led reporting to identify outbound email data breaches.
• 94% of surveyed organizations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26% and 75%.
• 70% believe remote working raises the risk of sensitive data being put at risk from outbound email data breaches.

The findings are based on the responses of 538 senior managers responsible for IT security in the U.K. and the U.S. across vertical sectors including financial services, health care, banking, and legal.

Egress CEO Tony Pepper said, “Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organizations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behavior patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”

Pepper added, “This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spot errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”

The post Organizations Suffer Outbound Email Data Breaches Every 12 Working Hours appeared first on CISO MAG | Cyber Security Magazine.

Based in San Francisco, CA., Abnormal Security protects organizations from advanced targeted attacks including spear-phishing and business email compromise attacks. Its cloud-native architecture and AI platform provide an inside-out understanding of people and organizational processes to prevent targeted email attacks.

Evan Reiser, Co-founder and CEO at Abnormal Security, said, “When considering the right cloud infrastructure, startups need to look at both the technology platform and the business opportunity. As a cybersecurity company, we were very intrigued with Azure’s inherent security, privacy, and AI offerings and as a startup, Microsoft’s go-to-market support and access to the largest enterprises is unmatched.”

Abnormal’s new security offering will be directly available for purchase on Microsoft’s Azure Marketplace.

Jeffrey Ma, VP Microsoft for Startups said, “Microsoft for Startups helps B2B startups use the Microsoft platform to scale their business quickly and deliver innovative AI-powered solutions to enterprise customers.”

Microsoft’s New Integrations

Recently, automotive cybersecurity firm Upstream Security joined the Microsoft Intelligent Security Association to establish an ecosystem of leading software vendors that have integrated their solutions to better defend against automotive cyberattacks.  Upstream also revealed that its C4 platform and Microsoft Azure Sentinel will help enable detection, investigation, and remediation for threats targeting connected vehicles and smart mobility services. Through this integration, alerts from Upstream C4 can be used to automate responses based on an OEM vehicle manufacturer’s or connected fleet’s unique security policies. Upstream’s C4 platform leverages existing automotive data feeds to detect threats in real-time and delivers cybersecurity insights supported by AutoThreat Intelligence.

The post Strategic Alliance! Abnormal Security and Microsoft to Deliver Comprehensive Email Security appeared first on CISO MAG | Cyber Security Magazine.

With the new partnership, global organizations can now use a combination of Proofpoint’s Targeted Attack Protection (TAP) and CyberArk’s Privileged Access Security to identify and manage privileged access and revoke privileged access for potentially compromised users.

CyberArk provides privileged access management services globally. It offers enterprises a critical layer of IT security to protect their critical data, infrastructure, and digital assets on-premises, in the cloud, and throughout the DevOps pipeline. With an integrated suite of cloud-based solutions, Proofpoint helps global companies to prevent targeted threats, safeguard their data, and make their users more resilient against cyberattacks.

Bhagwat Swaroop, Executive Vice President of Industry Solutions and Business Development for Proofpoint, said, “Threat actors are exceptionally adept at targeting individuals with privileged access to extremely sensitive data — and organizations need the ability to seamlessly protect those users, across their ecosystem of security solutions.”

Adam Bosnian, Executive Vice President of Global Business Development at CyberArk, said, “Privileged users are just as vulnerable to email-based cyberattacks as anyone in an organization, however the systems and environments they manage are so critical to the business that a breach can be devastating. With Proofpoint Targeted Attack Prevention feeding information to CyberArk about ‘very attacked’ privileged users in an organization, we can immediately — and automatically — apply remediation measures to help stop targeted threats before they can reach their intended destination.”

The post Proofpoint And CyberArk Extend Partnership to Mitigate Cyberattacks appeared first on CISO MAG | Cyber Security Magazine.

Risks from Distraction

The research also highlighted that 33% of employees never think about cybersecurity while working. Nearly 45% of respondents cited distraction as the primary reason for falling for a phishing scam. And 57% of employees admitted that they are more distracted when working from home. Other reasons for employees falling for phishing attempts are: the perceived legitimacy of the email (43%) and the fact that it appeared to have come from either a senior executive (41%) or a well-known brand (40%).

Phishing Attempts

Phishing is one of the major security risks for an organization, as attackers try to target the entire network system. It is found that 1 in 4 employees (25%) said they have clicked on a phishing email at work. Men were twice as likely as women to fall for phishing scams, with 34% of male respondents saying they have clicked on a link in a phishing email versus just 17% of women. The research also stated that older employees were the least susceptible to phishing scams, with just 8% of them admitting they clicked on a phishing link.

“The older generation has, in many ways, the potential tools and mindsets needed for detecting phishing attacks. They have more life experience, and they tend to have strong, close networks which means they are good at detecting when something does not feel quite right. But if you are less experienced with these kinds of attacks, they are going to be harder for you to spot,” said Stanford University Professor Jeff Hancock.

“Understanding how stress impacts behavior is critical to improving cybersecurity. When people are stressed and distracted, they tend to make mistakes or decisions they later regret. Working in unusual environments can be stressful and distracting. The events of 2020 mean our personal and professional spaces have blurred, and we’ve had to quickly learn new ways of operating and this has its challenges,” Hancock added.

The post Stressed, Distracted Employees Exposing Organizations to Cybersecurity Risks: Study appeared first on CISO MAG | Cyber Security Magazine.

According to the report, “State of Email Security 2020 Report,” domain-spoofing and email-spoofing have become mainstream attack vectors, and 49% reported that they are expecting an increase in web or email spoofing and brand exploitation in the next 12 months. While 84% of respondents feel concerned about an email domain, web domain, brand exploitation, or site spoofing attack.

Old Threats Continue to be a Major Concern

The study also stated that impersonation attacks, phishing attempts, and ransomware continue to be major security concerns, and 72% of respondents reported phishing attacks remained flat or increased in the last 12 months; 74% reported the same about impersonation attacks. “Ransomware also continues to wreak havoc, as just over half of respondents (51%) said ransomware attacks impacted their organization, citing data loss, downtime, financial loss and loss of reputation or trust among customers,” the report said.

Need for Strong Security Awareness

The report highlighted that there is a strong need for a more cyber aware workforce, with 97% of organizations stating that they offer security awareness training to their employees. However, 60% of them reported they have been hit by malicious activity spread from employee to employee.

Joshua Douglas, Vice President of threat intelligence at Mimecast, said, “We are seeing the same threats that organizations have faced for years playing out with tactics matched to world events to evade detection. The increases in remote working due to the global pandemic have only amplified the risks businesses face from these threats, making the need for effective cyber resilience essential. It is likely that cyber resilience strategies are lacking key elements, or do not have any at all, depending on the organization’s maturity in cybersecurity.

“Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organizations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity,” Douglas added.

The survey report is based on the views of 1,025 global IT decision makers on the present state of cybersecurity.

The post 60% of Organizations Believe to Likely Suffer Email Borne Attacks appeared first on CISO MAG | Cyber Security Magazine.