Only 34 Percent of Non-Security Workers Recall Seeing Email-based Attacks, Finds GreatHorn Survey

New Research Finds a Perception Gap in the Prevalence of Threats
Facing Business Professionals and the Efficacy of Enterprise Email
Security Strategies

According to a new research report, only 34 percent of users without
email security responsibility recall seeing email-based attacks in their
inboxes, compared to 85 percent of email security professionals. The
finding is part of the "2018 Email Security: Trends, Challenges, and
Benchmarks" report released today by GreatHorn,
the leading cloud-native email security provider. Throughout June 2018,
295 business professionals from both technical and non-technical job
roles were surveyed to gain a better understanding of the current state
of enterprise email security, threat prevalence, remediation frequency,
and importance within the wider security landscape.

This press release features multimedia. View the full release here:
https://www.businesswire.com/news/home/20180725005363/en/

GreatHorn's email security survey demonstrates that it's not just ultra-sophisticated and personalized phishing attacks that make it past legacy email security solutions. (Graphic: GreatHorn)

The data shows a perception gap around email security, particularly
between email security professionals and other personnel. While
two-thirds of non-security workers claim to never see any email threats
besides spam, 56 percent of security professionals see email threats,
including impersonations, wire transfer requests, W2 requests, payload
attacks/malware, business services spoofing, and credential theft, on at
least a weekly basis. Furthermore, 20 percent of these same people also
report a weekly need to take significant remediation actions to counter
the effects of an email-based attack.

"The primary email security challenge enterprises face is trust,"
GreatHorn CEO Kevin O'Brien said. "Our latest data shows that
professionals mistakenly believe that their work email systems are
inherently secure. In turn, this means that they are highly susceptible
to phishing and social engineering attacks, especially as those attacks
become more and more sophisticated. What's needed is a security posture
that begins with the assumption that some amount of malicious mail will
always find a way to bypass legacy perimeter solutions, and which can
intelligently identify, alert on, and disarm attacks that reach the
inbox. The future of email security will be cloud-native,
post-perimeter, and easily deployed – in other words, everything that
yesterday's solutions are not."

Enterprises Set Bar for Email Security Success Too Low

Nearly half of all respondents (46 percent) were less than "satisfied"
with their current email security solution, with only 10 percent
indicating they were "very satisfied." Senior-level IT and security
personnel roles were much more likely to be actively "dissatisfied" or
"very dissatisfied" by their email security solution (20 percent
compared to 12 percent for the general population).

Forty percent of respondents need to routinely take significant
remediation actions to counter basic attacks that get through their
email security solution. Nearly two-thirds (65 percent) indicate
experiencing major technical issues with their existing security
solution such as the following:

  • 1 in 6 miss basic payload attacks, despite being arguably the most
    heavily guarded against threats by perimeter-based email security
    solutions;
  • 35 percent report that their current solution doesn't stop internal
    threats (e.g. if a user account is compromised);
  • 19 percent report that they have weak or no remediation capabilities
    if an email threat reaches an end user;
  • 21 percent believe their solution negatively impacts business
    operations (e.g. too many false-positives);
  • 20 percent are missing phishing attacks such as impersonations.

This survey demonstrates that it's not just ultra-sophisticated and
personalized phishing attacks that make it past legacy email security
solutions. Secure email gateways (SEGs) were designed to operate at the
perimeter, using a binary good/bad model that was moderately successful
for spotting malware prior to cloud deployment models. Today's
cloud-based infrastructure, however, requires a continuous protection
model that can spot highly targeted spear phishing campaigns as well as
general malware, and provides a mechanism for re-evaluating and
remediating email as new threats emerge.

Impersonations are Still Phishers' Weapon of Choice

Overall, nearly half (46 percent) of all respondents see executive,
internal, or external impersonations, with that number jumping to 65
percent among email security professionals. Business services spoofing
was the second most prevalent email threat respondents experience (42
percent), followed by wire transfers (39 percent), credential theft (34
percent), and payload/malware (33 percent).

Email Security is a Priority, Particularly Among Security Strategists

The FBI recently reported business email compromise attacks are
responsible for more than $12 billion in losses in the past five years,
so it's no surprise that
email security is a major focus for senior-level IT and security
leaders. 54 percent of respondents that were responsible for their
organization's security strategy selected email security as one of their
top three security initiatives in 2018.

About GreatHorn

GreatHorn protects Office 365 and G Suite customers from today's
sophisticated email threats by automating detection, remediation, and
post-delivery incident response. By combining deep relationship
analytics with continuously evolving user and organizational profiling,
GreatHorn's cloud-native email security platform provides adaptive,
anomaly-based threat detection that secures email from malware,
ransomware, executive impersonations, credential theft attempts,
business services spoofing, and other social engineering-based phishing
attacks. More information is available at www.greathorn.com.
