60% of Organizations are Hit by Cyberattacks Spread by Their Own Employees

The unwitting participant appears to be alive and well, based on new data from security vendor Mimecast. With employees being the source of attack surface expansion, what’s an organization to do?

When you think of cyberattacks, the assumption is that it’s a simple matter of “the bad guy sends an email, the user gets fooled, the user clicks malicious content, and the badness happens.” But the State of Email Security 2020 report from Mimecast sheds some light on both how and why attacks are still successful.

According to the report:

  • 51% of organizations have been impacted by ransomware in the last 12 months
  • 58% saw phishing attacks increase
  • 60% have seen an increase in impersonation fraud
  • 82% have experienced downtime from an attack

These numbers aren’t good. Way too many organizations are feeling the pain of email-based cyberattack, despite knowing the problem is only getting worse. So, why are organizations proving to be such easy targets for email-based cyberattacks?

According to the report, it’s a problem-riddled combination of issues involving your people, processes and technology. In essence, an insufficient presence of each of the three plays a role. From the report:

  • An average of 41% of organizations don’t have a system in place to monitor for and detect malicious content in emails (Technology)
  • 55% of organizations don’t provide security awareness training on a regular basis (Process)
  • 60% of organizations have experienced their own employees being responsible for spreading a malicious email (People)

With 60% of organizations believing they will be the victim of an email-borne attack in the coming year, organizations need to take steps to protect themselves with a security strategy that addresses all three issues. Putting a layered security strategy in place that detects malicious content before it ever reaches your users is imperative.

But, because no solution is 100% foolproof, it’s equally important to ensure users are continually educated using security awareness training. By doing so, you will improve the organization’s security posture and keep users from participating in the spread of malicious emails.

This blog originally appeared on KnowBe4.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.