Email is still one of the most common vectors by which enterprises are attacked. New research finds that IT and security heads have experienced tremendous data loss in the past year and that they believe their client and company data is at risk on email.
The 2021 Data Loss Prevention Report by Egress reveals that 95% of CIO/CISOs believe sensitive client and corporate data is at risk of loss and unauthorized disclosure on email. They see email-borne threats becoming increasingly sophisticated and problematic for businesses, especially with the rise of remote working trends and organizations’ reliance on legacy email technology.
The report suggests that an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months. Human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error – for example, sending an email containing sensitive data to the wrong recipient or attaching the wrong file.
The hidden cost of remote working
Remote working has left employees highly reliant on email, particularly for sharing sensitive data. Since the beginning of the pandemic, 85% of employees reported sending more emails, increasing the surface area for risk when it comes to an outbound email data breach. Email has seen the biggest increase – even over video-calling and messaging apps.
“In testing times, we prefer to fall back on the channels we know and trust. 46% of remote workers said they felt most productive while using email, so for plenty it’s still the best way to get things done fast. Email also offers simplicity. It’s the easiest way to transfer longer-form content to multiple people. You can’t share attachments via video call and messaging apps such as Teams aren’t always suitable for external use,” Egress CEO Tony Pepper said.
Human error and stress
The research also found that 60% of employees are working in environments where distractions are commonplace, such as shared home offices and communal spaces. In addition to concerns around confidentiality, the distractions faced by employees in these settings lead to an environment of heightened risk of accidental data loss.
According to Pepper, employees continue to work in challenging environments. For example, the risk is compounded by stress and tiredness – and the research revealed that 73% of employees reported that they feel worse because of the pandemic. Also, the blurring of work and home life has led to many employees working longer hours, in distracting environments. “All of this contributes to the likelihood that a costly mistake might be made,” he said.
Nearly three-fourths of employees surveyed revealed that they access work emails outside of their contracted working hours, and almost one-quarter of employees (24%) reported that they are normally doing something else at the same time.
It’s no surprise then that 59% of IT leaders acknowledged that they have seen an increase in data leakage via email since employees started working remotely due to the pandemic.
Relying on legacy email technology
However, the report also revealed a number of statistics that will be of particular concern to IT professionals. For starters, we found that 83% of organizations have experienced data breaches from email. When we learned that 80% of employees share sensitive data with clients and colleagues via email, it became clear this was a major issue.
When each email breach incident takes around 60 hours to resolve, the implications are serious. Out of the organizations we surveyed, 37% had experienced reputational damage from an email breach and 38% had experienced client churn.
According to Pepper, when IT leaders were quizzed on how they were defending against data loss and how happy they were with their current solutions, one thing was called out loud and clear: traditional DLP technology isn’t cutting it. In fact, IT leaders using legacy static email DLP are frustrated by it.
Organizations are finding it too time-consuming to maintain and impractical for everyday use, with 37% having had to manually alter rules to make them usable for employees, which has put data at even more risk. Essentially, the survey data shows that traditional static email DLP is fundamentally unable to prevent email data breaches.
Understanding the human layer
In such a context, he said, turning towards intelligent, context-driven human layer security is the need of the hour. “Human layer security uses contextual machine learning to detect abnormal behaviors and alert users to mistakes as they’re happening. Put simply – it lets workers get on with being productive while keeping them secure at the same time,” said Pepper.
For example, such tools can let people know in real time whether they’ve attached the wrong file or accidentally selected the wrong recipient. They can also detect intentionally risky and malicious behavior to block exfiltration and alert administrators.
“It’s clear that legacy DLP tools are no longer fit for purpose; they’re difficult to use and because they can’t take people’s behavior into consideration, they’re limited in their ability to mitigate the rising tide of email data breaches in this new world of remote working,” said Pepper.
“Organizations must be aware of the new environment of risk and utilize advances in machine learning to give employees a safety net that can detect when they’re about to cause a data breach and prevent these incidents before they happen,” he concluded.