Cloud Email Security Concerns
“The Cloud Email Security Challenge: Closing the Cybersecurity Skills Gap Through Automation.” The company analyzed more than 3.5 terabytes of data – over 373 million corporate emails – from its proprietary data cloud to gain insights into the sheer volume of email threats facing enterprises and the role of automated tools in helping them keep up with that challenge. GreatHorn found that the average enterprise receives 3,680 messages containing threat characteristics that require review, investigation and (if applicable) remediation per week. Without automated tools, the company estimates that task would take a security team roughly 305 hours to complete.
2017 GreatHorn Cloud Email Security Challenge While nobody loves using it — see employees exchanging quips on their fruitless efforts to reach “Inbox Zero” and media headlines heralding newer, trendier apps as “email-killers” — email is still the most common form of communication in the business world. A recent study predicts that over one third of the population (or slightly more than 2.9 billion people!) will be using email by the end of 2019.
Given its integral role in the business world, it comes as no surprise that the adoption rate of email security technology is nearly 100%. Despite this universal investment in securing email, however, breaches are still occurring — and at increasing rates.
Here are some interesting discoveries:
- 3,680 emails a week contain threat characteristics
- GreatHorn confirmed that enterprises receive approximately 3,680 emails in a week that contain threat characteristics.
- GreatHorn took the average amount of time (5 min.) it takes for a security admin to review an event, confirming it would take a company 305 hours/12+days to investigate this threat versus using an automated cybersecurity tool.
- Cybercriminals’ Phishing Weapons of Choice
- The primary characteristics of emails that were flagged were direct spoofs (37.5%), authentication risks (31.25%), display name spoofs (12.5%), domain lookalikes (6.25%) and messages with the keywords “W2” and “Wire Transfer” (both 6.25%, respectively).
- Hackers are increasingly targeting business communications in their attacks.
- Social engineering attacks were utilized in 43% of all breaches in 2016.
- These attacks are bypassing today’s legacy email security tools, and employee training efforts aren’t good enough to stop modern attacks.
- We can’t train our way out of this…
- Security awareness training is necessary, but security teams can’t detect, analyze and respond to literally every suspicious email their organizations receive.
- Among all tracked breaches in 2015, the statistical difference between organizations who received training and those who didn’t was only 4%.
- The shortage of qualified professionals leaves many organizations unable to find and hire the people they need in a timely fashion.
- Massive gap in cybersecurity talent
- Enterprise IT and information security teams find themselves facing resource limitations- a deficit of qualified workers – unable to find and hire the people needed in a timely fashion (if at all).
- 55% of security positions take at least 3 months to fill; 32% take six months or more and over a quarter of all US-based enterprises can’t fill their positions at all.
- 1.5 million cybersecurity roles are unfilled today and we are on track to reach 2 million unfilled roles by 2019.
- Time is of the essence – automation is a force multiplier
- Attackers compromise an organization’s defenses in minutes and exfiltrate data in just days.
- Using automated data science techniques to assess trust during users’ interaction, rather than blocking malicious attacks at the perimeter is key.
- Automated protection at scale
- GreatHorn’s Inbound Email Security platform analyzed over 3.5 terabytes of enterprise mailbox data, as a risk profile of an average Fortune 500 organization to demonstrate how cybercriminals attack an enterprise.
- Increasing efficiency through automation
- The bottom line: even if you don’t experience a large-scale breach, targeted phishing is still costing you — in money as well as time, resources, and risk.
- Automation saves time and enables better allocation of human capital, providing increased accuracy and detection capabilities.
By Glenn Blake