Email security: A critical concern in today’s business world
- According to Barracuda, 75% of organizations surveyed experienced at least one successful email attack within the past year.
- Downtime and business disruption were the most frequently reported consequences of email attacks.
Despite being the most important means of communication in the business world, with billions of emails exchanged daily, email security is frequently neglected. This can lead to a false sense of security and complacency, which makes email an attractive target for cyberattacks that exploit the trust between colleagues and organizations.
Attackers use cutting-edge technologies like machine learning to bypass basic security measures, highlighting the necessity of prioritizing email security to safeguard sensitive information and prevent potential data breaches.
Email security is a crucial aspect of modern-day communication that must be prioritized as the cost of email-borne security attacks continues to rise. Barracuda Networks, Inc. estimates that affected organizations face an average cost of damages of US$1 million, emphasizing the significance of securing email communications.
Barracuda’s 2023 Email Security Trends report, which polled hundreds of frontline IT professionals across the US, EMEA, and APAC, discovered that 75% of organizations surveyed had suffered at least one successful email attack in the last 12 months. The report reveals, according to 23% of respondents, that the cost of these attacks has risen significantly in the past year. It also provides insights into the impact of email-based security attacks on organizations worldwide.
The effects of email security breaches are significant, with downtime and business disruption, loss of sensitive data, and damage to brand reputation. The report offers a global perspective on the impact of email-based security attacks on businesses. Barracuda notes that an email security attack can have substantial consequences, with the most frequently reported effects being business disruption and downtime, which affected 44% of those impacted. Other reported effects were the loss of sensitive and business-critical data (43%) and damage to brand reputation (41%).
The findings reveal significant variations among industries. Financial services entities suffered the most from data and monetary losses caused by hackers (reported by 59% and 51% of victims, respectively), while manufacturing’s primary concern was business operations disruption (53%). Healthcare institutions’ major challenge was the expenses incurred in quickly restoring their systems (44%). However, businesses with more than 50% of their employees working remotely, regardless of size or industry, experienced more significant risks and recovery expenses.
With the flexibility of remote work comes greater security risks. Companies struggle to enforce security policies for remote workers consistently while permitting them to access vital business applications and data necessary to carry out their day-to-day tasks, frequently from their personal devices. This risk widens the attack surface available to cybercriminals and can cause significant delays in detecting, responding to, and recovering from cyberattacks.
The state of email security in APAC
Over the past few months, email-based attacks have been in the spotlight in the APAC region. One is Dark Pink, a hacker group that used targeted phishing emails to breach government and military organizations in Southeast Asia. The Singapore Police Force also reported significant losses amounting to SGD$501 million due to the increasing prevalence of cybercrime, with email phishing comprising the majority of attacks in the previous year.
Another instance involved cyber attackers hacking Singapore’s watchdog mail server and posing as its officers, sending phishing emails to over 5,000 consumers, demanding payment for supposed monetary compensation.
According to reports, the APAC region identified more than 50% of the malicious emails in five countries, with Vietnam recording the highest number of spam emails at 3.09 million, followed by Malaysia at 2.36 million, Japan at 1.86 million, Indonesia at 1.8 million, and Taiwan at 1.45 million.
According to Mark Lukie, Director of Solutions Architects, APAC at Barracuda, email’s widespread use and reputation as a trusted communication channel make it an attractive target for cybercriminal
“We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” he said.
In addition, he noted that email-based attacks could serve as the entry point for an array of cyberthreats, such as ransomware, spyware, information stealers, crypto mining, and other types of malware. Given the scope of these email-based risks, it is unsurprising that IT teams worldwide do not feel entirely equipped to protect against them.
“Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond,” he concluded.