Cloud Email Security Concerns

GreatHorn Report: Cloud Email Security Concerns

Cloud Email Security Concerns

“The Cloud Email Security Challenge: Closing the Cybersecurity Skills Gap Through Automation.” The company analyzed more than 3.5 terabytes of data – over 373 million corporate emails – from its proprietary data cloud to gain insights into the sheer volume of email threats facing enterprises and the role of automated tools in helping them keep up with that challenge. GreatHorn found that the average enterprise receives 3,680 messages containing threat characteristics that require review, investigation and (if applicable) remediation per week. Without automated tools, the company estimates that task would take a security team roughly 305 hours to complete.

2017 GreatHorn Cloud Email Security Challenge While nobody loves using it — see employees exchanging quips on their fruitless efforts to reach “Inbox Zero” and media headlines heralding newer, trendier apps as “email-killers” — email is still the most common form of communication in the business world. A recent study predicts that over one third of the population (or slightly more than 2.9 billion people!) will be using email by the end of 2019.

Given its integral role in the business world, it comes as no surprise that the adoption rate of email security technology is nearly 100%. Despite this universal investment in securing email, however, breaches are still occurring — and at increasing rates.

Here are some interesting discoveries:

  •  3,680 emails a week contain threat characteristics
    1. GreatHorn confirmed that enterprises receive approximately 3,680 emails in a week that contain threat characteristics.
    2. GreatHorn took the average amount of time (5 min.) it takes for a security admin to review an event, confirming it would take a company 305 hours/12+days to investigate this threat versus using an automated cybersecurity tool.

  •  Cybercriminals’ Phishing Weapons of Choice
    1. The primary characteristics of emails that were flagged were direct spoofs (37.5%), authentication risks (31.25%), display name spoofs (12.5%), domain lookalikes (6.25%) and messages with the keywords “W2” and “Wire Transfer” (both 6.25%, respectively).
  • Hackers are increasingly targeting business communications in their attacks.
    1. Social engineering attacks were utilized in 43% of all breaches in 2016.
    2. These attacks are bypassing today’s legacy email security tools, and employee training efforts aren’t good enough to stop modern attacks.
  • We can’t train our way out of this…
    1. Security awareness training is necessary, but security teams can’t detect, analyze and respond to literally every suspicious email their organizations receive.
    2. Among all tracked breaches in 2015, the statistical difference between organizations who received training and those who didn’t was only 4%.
    3. The shortage of qualified professionals leaves many organizations unable to find and hire the people they need in a timely fashion. 
  • Massive gap in cybersecurity talent
    1. Enterprise IT and information security teams find themselves facing resource limitations- a deficit of qualified workers – unable to find and hire the people needed in a timely fashion (if at all).
    2. 55% of security positions take at least 3 months to fill; 32% take six months or more and over a quarter of all US-based enterprises can’t fill their positions at all.
    3. 1.5 million cybersecurity roles are unfilled today and we are on track to reach 2 million unfilled roles by 2019.
  • Time is of the essence – automation is a force multiplier
    1. Attackers compromise an organization’s defenses in minutes and exfiltrate data in just days.
    2. Using automated data science techniques to assess trust during users’ interaction, rather than blocking malicious attacks at the perimeter is key.
  • Automated protection at scale
    1. GreatHorn’s Inbound Email Security platform analyzed over 3.5 terabytes of enterprise mailbox data, as a risk profile of an average Fortune 500 organization to demonstrate how cybercriminals attack an enterprise.
  • Increasing efficiency through automation
    1. The bottom line: even if you don’t experience a large-scale breach, targeted phishing is still costing you — in money as well as time, resources, and risk.
    2. Automation saves time and enables better allocation of human capital, providing increased accuracy and detection capabilities.

By Glenn Blake

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading programs.

CONTRIBUTORS

Infosec thought leaders

Cryptocurrencies and Ransomware: How VDI Can Help Defend Against the Next Ransomware Attack

Cryptocurrencies and Ransomware The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put ...
Istio 1.0: Making It Easier To Develop and Deploy Microservices

Istio 1.0: Making It Easier To Develop and Deploy Microservices

With the recent availability of Istio 1.0 it is not surprising that it continues to capture much attention from the ...
Machine Learning Explained: Understanding Supervised, Unsupervised, and Reinforcement Learning

Machine Learning Explained: Understanding Supervised, Unsupervised, and Reinforcement Learning

Machine Learning Explained Once we start delving into the concepts behind Artificial Intelligence (AI) and Machine Learning (ML), we come ...
Everyone Has Data, but the Ones Who Can Optimize It Will Be the Winners

Everyone Has Data, but the Ones Who Can Optimize It Will Be the Winners

Big Data Strategies Data is ubiquitous, but success apparently isn’t. Companies using big data strategies are running headlong into an 85 ...
CloudTweaks Q&A: How Smart Will Your City Be by 2025?

CloudTweaks Q&A: How Smart Will Your City Be by 2025?

How Smart Will Your City Be by 2025? What role does back end infrastructure play in connecting IoT devices? Probably ...
Four Trends Driving Demand For Data Security In 2017

Four Trends Driving Demand For Data Security In 2017

Data Security Trends 2017 will be a hallmark year for security in the enterprise as all industries have reached a ...
Small Businesses CAN Compete Using The Cloud

Small Businesses CAN Compete Using The Cloud

Small Businesses Cloud In the past, small business owners had to either run applications or software that was downloaded physically ...
The UK Tech Sector: The Gender Gap

The UK Tech Sector: The Gender Gap

The Tech Sector Gender Gap In conversation with Co-Founder and Creative Director of North West Web Design Studio, MadeByShape Andy ...
MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape Mapping the customer journey is one of the biggest strategic shifts currently underway in the marketing industry ...
Jonathan Ring

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to ...