
Is Your Email Secure? Probably Not


by FEI Daily Staff

Email has long been recognized as a cyber security vulnerability, but that recognition doesn’t mean the problem’s been solved.


According to a survey of IT professionals by email management company Mimecast, nearly two-thirds of decision-makers believe email attacks pose a high threat to their organizations, but almost an equal percentage say they don’t feel equipped or able to cope with email-related security risks.

More than eight in 10 respondents say email is one of the most common sources of cyber attack, but 63 percent say their organizations are ‘somewhat’ secure, and only 24 percent believe their email infrastructure is secure.

Part of the challenge is the evolving nature of email-based attacks, which become more sophisticated as defenses are installed against current threats.

For instance, relatively unsophisticated phishing attacks, which try to trick users into clicking links that install malicious software or that capture users’ log-in credentials, are being supplemented with “spear-phishing” attacks aimed at specific users, or with social engineering efforts in which users are tricked into revealing sensitive data via phone or email messages.

Mimecast offers the following suggestions for enhancing email security:

Understand evolving threats: IT security pros who haven’t experienced an attack tend to focus on viruses and malware, while those who have been attacked are likely to be more concerned with ransomware, spear-phishing and social engineering threat vectors.

Promote C-suite collaboration: Respondents say collaboration with senior executives plays a role in promoting security. Those who say the C-suite has engaged with email security also tend to express a higher degree of security confidence.

Upgrade email software: Older software is more likely to have known security vulnerabilities. A quarter of respondents say their organization uses Exchange 2010, which ended mainstream Microsoft support in January 2015. Respondents with higher degrees of security confidence reported using newer email systems or having migrated to cloud-based options.

Defend against internal threats: While perimeter security solutions such as anti-virus, anti-malware and anti-spam products remain important, IT pros should also focus on training, policies and tools (such as data leak prevention products) to reduce threats from accidental or deliberate exposure of sensitive information by employees, business partners or other trusted users.