Barracuda's latest survey includes responses from over 600 executives, individual contributors and team managers serving in IT security roles across the globe, covering small, mid-sized and enterprise businesses across a wide range of industries.
The published report reveals key insights into these organisations' experiences with phishing, insider threats and Office 365, as well as the related business impacts, security spending, and the damages suffered from breaches.
In this blog we will be summarising some of the most stand-out findings, focusing solely on EMEA specific or global data, but you can also follow the link below to get your copy of the full report for a more in-depth understanding.
General Email Security
The main insight that reflects the current mindset of IT professionals when it comes to email security is that most are now feeling more confident in their security efforts than they were a year ago, despite the vast majority reporting email attacks continuing to have major impacts on their businesses - and even their personal lives.
Just looking at EMEA professionals, 52% reported feeling more confident in their security systems than they were 12 months ago, in contrast to 80% stating they had faced attempted email attacks in the same time frame.
Looking further into the report, it's clear that the effects of these on-going attacks are passing over into users' personal lives too - which is not the best exhibit of this apparent improvement of security:
- 38% of IT professional reported an increase in stress relating to their job
- 38% agreed with the statement 'I worry about potential email security issues even when I am not at work'
- 23% reported having to work over evening and weekends to address IT security issues
In Barracuda's full report you can find a detailed breakdown of how many of the participating organisations are currently implementing any of 9 common security solutions - however, we were more interested in how many of these companies weren't taking advantage of some of these technologies.
- 88% lacked Account Takeover protection despite 35% of Office 365 users reporting it as their biggest email security concern
- 87% had no dedicated Spear Phishing protection in place, despite 43% of organisations falling victim to these attacks within the past 12 months
- 75% did not use any automated incident response solutions, even though only 5% stated that their current remediation capabilities couldn't be improved
As mentioned above 43% of businesses reported falling victim to Spear Phishing attacks within the past 12 months, with the most common business impact experienced by those respondents being malware/virus infections at 43%.
Although Phishing is usually the centre of attention - and those numbers above are still suggesting inadequate defences - the report also uncovered a possible shift in concerns to Insider Threats.
79% of IT professions stated that they are worried about attacks and breaches stemming from inside the organisation, and these fears are definitely valid with most also reporting that their existing tools to combat this threat are lacking:
- 25% reported that they have some capabilities in place for this threat but that they are ineffective
- Only 9% stated their existing services would completely stop internal email threats
An overwhelming 90% of Office 365 users said that they have security concerns, with 86% agreeing that third-party email security solutions are essential to keep an Office 365 environment protected.
Interestingly, when asked what their biggest email security concerns were from 7 frequently seen options, the numbers were extremely similar across the board:
- Data protection and data loss - 40%
- Spam and malware - 37%
- System reliability and downtime - 35%
- Account takeover - 35%
- Spear phishing attacks - 34%
- Compliance concerns - 31%
- Ransomware - 30%