Despite major investments in cyber-security, email fraud continues to rise as cyber-criminals’ tactics become more advanced. Proofpoint researchers surveyed 2,250 IT decision makers across the US, the UK, Germany, France and Australia and found 75 percent of organisations were targeted at least once by email fraud, in the last two years and 41 percent said their business had been targeted multiple times, according to Proofpoint’s Understanding Email Fraud: A Global Survey report.
Fortunately governments are recognising the need to address the threat and are pushing to promote and in some cases mandating the use basic email authentication to protect businesses and citizens. The push has led to 47 percent of those surveyed getting the budgets they need to deploy email fraud protection. Unfortunately, cyber-criminals are growing more effective at evading traditional security tools.
The US is the most targeted, with 84 percent of respondents of the country reporting one or more attacks followed by Australia with 80 percent reporting having been attacked. Researchers didn’t find any correlations between the size of business and the likeliness of attack suggesting all businesses are at risk.
“We found that email fraud is pervasive, disruptive, and in many cases, catching businesses unprepared,” researchers said in the report. “Just 40 percent of survey respondents say they have full visibility into email fraud threats in their environment, and even fewer have controls in place to stop them.”
The public sectors push has been so effective that the three countries with the highest levels of email fraud protection—the US, the U.K. and Australia—are those whose governments have pushed businesses most strongly to deploy such safeguards. Germany however, appears to be the least targeted country
In addition, 77 percent of respondents were worried their company would be targeted by email fraud within the next 12 months. For those who had experienced attacks within the last two years, 56 percent reported the incident resulted in downtime and disruption, 33 percent said the attack resulted in lost funds, and 24 percent said it resulted in the firing of personnel.
Boardrooms are taking notice to the threat, 82 percent of respondents said the threat is a concern for board members and executive teams while 59 percent consider email fraud one of the top security risks to their business. To address the concerns 57 percent of organisations implemented a user-awareness programme on phishing, 43 percent have implemented email authentication, 48 percent have created third party policies to protect their supply chain and 23 percent have purchased cyber-insurance. There was no clear winner when asked which department is most at risk of attacks with 55 percent saying the financial team, 43 percent saying accounts payable, 37 percent saying the c-suite and 33 percent saying the general workforce.
Email authentication is just one of the first steps in protecting ones organisation from compromise. Data protection and transferring the risks were other methods listed to help organisations combat the threat of email fraud. In addition, the study found organisations still need to overcome the obstacles presented by a lack of technical understanding, lack of budget, the technical complexity of a company’s email ecosystem, a lack of awareness, and a lack of executive sponsorship for the projects at hand present significant hurdles.
Author – Robert Abel