The global pandemic has caused most, if not all, organisations to shift to remote and hybrid work. This has led to businesses completely changing how they operate overnight, with little to no preparation. However, where many businesses saw a crisis, cybercriminals saw opportunity.

With cyberattacks on the rise, we think it is important to keep informed on what you can do to ensure your business is protected. This blog highlights important insights from the State of Email Security Report and shares some tips on what you can do to stay ahead of the game.

The COVID threat landscape has become more treacherous

According to reports, during 2020 email threats rose by nearly two-thirds as commerce had to rely on email. This led to cybercriminals seizing opportunities brought on by the pandemic to push their agendas. 7 out of 10 companies are bracing for the worst and expect their business to be harmed by an email-borne attack.

Phishing and Business Email Compromise (BEC) attacks are more insidious than ever

Since the pandemic began, phishing attacks have surged by 63% as criminals play on COVID-related fears and target employees who are often distracted by their new work-at-home environments. The results are painful, as employees have been duped into clicking on three times as many malicious emails as they used to.

These emails are normally made to imitate invoices, payments or password resets, or even to impersonate a CEO's or director's personal email asking for something. The problem is that they can be very convincing, with many emails appearing to come from recognisable senders whose domain looks alarmingly close to the real thing.

Collaboration tools represent increased security risk

As a result of the pandemic and the shift to working from home, all businesses had to think fast and adopt collaboration tools like Microsoft Teams and Slack for work. As useful as they are, these tools pose their own set of cybersecurity challenges, and many users are concerned about the risks.

Ransomware is everywhere

More than out of 10 companies were disrupted by a ransomware attack last year, losing 6 days of work on average. Among the businesses that were affected, more than half felt compelled to pay the ransom but only two out of three of them recovered their data. The other third never saw their data again—despite paying the ransom.

Cyber preparedness is lacking at too many companies

These are heavy statistics: By their own acknowledgement, in 2020, nearly 8 in 10 companies had their business disrupted, incurred a financial loss or suffered some other setback due to their lack of cyber preparedness. Even worse, email security at more than 40% of businesses falls short in one or more critical areas, and 13% of businesses don’t have an email security system at all. Given the post-COVID threat level, this situation is no longer sustainable.

Microsoft 365 security is good – but a layered defense is much better

Many businesses rely on the safeguards provided by Microsoft 365 to keep their email secure, and these are well regarded. Nevertheless, nearly 9 in 10 companies strongly believe they need additional layers of email security over and above what Microsoft provides.

Cybersecurity technologies will increasingly incorporate AI and machine learning

More than a third of companies are making use of AI and machine learning to bolster their cyber defenses. This is even higher among companies that have a cyber resilience strategy in place. It’s still early days for these technologies and their application to cybersecurity, so we would suggest keeping an eye on this rising trend—one that’s sure to play out more fully in the months and years ahead.

Cybersecurity awareness training needs to be a bigger priority

Although 7 out of 10 companies believe employee behaviors such as careless web browsing and inadvertent data leaks are putting them at risk, fewer than half provide ongoing cybersecurity awareness training at least once a month, and one in five provide little or no training. Yet studies have shown that awareness training is a low-cost and highly effective means of reducing an organisation’s cyber risk. Giving higher priority to cybersecurity training would benefit businesses greatly.

Spoofing and brand impersonation represent a new front in the cyber wars

By their own admission, 9 out of 10 companies are threatened by online brand impersonation and misappropriation, putting their customers, their finances and their reputations at risk. Luckily, the vast majority of businesses are fighting back and enlisting specialised services to detect and defend against counterfeit emails and websites.

Cyber resilience pays off

A cyber resilience strategy that helps a business adapt and respond to new threats is clearly paying dividends to those that have one in place. Such companies are more confident in their ability to withstand and prevent an email-borne attack and are less likely to be hindered by one. Compared with those without a strategy, they are also much less likely to be disrupted by ransomware, far more likely to have implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC) to safeguard their brand, and far more likely to have incorporated AI and machine learning into their defences.

Is your business prepared for potential cyberattacks? With online attacks on the rise, speak to our team of experts who can help keep your data secure. We work with cyber resilience solutions like Mimecast to help you in your cyber security journey.