U.S. Firms Not Doing Enough to Avoid Phishing and Email Impersonation Attacks

August 24, 2018

 

IT professionals are well aware of the threat from phishing and email impersonation attacks. Yet although the risk of an attack is high, U.S. firms are not doing enough to prevent phishing and email impersonation attacks, according to the latest survey of U.S. IT professionals.

The survey was conducted by the Ponemon Institute on behalf of Valimail on 650 IT and IT security professionals in the United States who play a part in protecting end users from email threats and securing email applications.

80% of respondents were very concerned about email-based threats and their ability to deal with those threats, yet just 29% of companies have taken major steps toward blocking phishing and email impersonation attacks. At some companies, the lack of security solutions to prevent phishing and email impersonation attacks is very worrying, particularly considering the frequency of email-based attacks.

30% of respondents said they were certain they had suffered an email-related data breach in the past 12 months. 31% said that a data breach involving email had most likely happened, and 18% said such an attack was likely to have happened. Just 17% of respondents said a data breach involving email had not happened in the previous year.

Spam filters are the main solution that companies use to prevent phishing emails from being delivered to their employees, and they are extremely effective at blocking email-based threats. However, just 69% of companies use them. 31% of companies have no spam filter in place.

Even more worrying is the lack of security awareness training. Employees can’t be expected to have the skills needed to spot phishing emails and other email-based threats. Training is essential to make sure employees know what signs to look for in emails so they can identify phishing emails. The survey indicated just 34% of firms provide anti-phishing training to their employees. 66% of firms provide no anti-phishing training at all.

In addition to spam filters and employee training, other common cybersecurity solutions include secure email gateways, SIEM technology, DMARC, DKIM, and SPF. However, 15% of firms have not implemented any of these measures to prevent phishing and email impersonation attacks and are highly exposed.

Only 27% of firms said they were aware of who was using their domains to send email, just 15% of companies have created a security infrastructure or plan for email security, and 21% of firms said they were taking no steps whatsoever to prevent phishing and email impersonation attacks. 39% of respondents said their business is spending enough to defend against email-based cyberattacks and scams.

If companies don’t invest in email security solutions to block phishing and email impersonation attacks, data breaches are likely to occur. As an earlier Ponemon Institute study indicated, the cost of data breaches is likely to far exceed the cost of paying for cybersecurity solutions to prevent breaches. In 2018, the average cost of a breach of up to 100,000 records was $3.86 million.