Two Major Reasons We’re Failing at Cybersecurity
Good enough security is good enough no longer.
You use email constantly. It’s the lifeblood of communication, commerce and exchange of ideas across your organization. Imagine trying to do your job in 2018 without it. It’s impossible, isn’t it? It’s just supposed to work, and when it doesn’t, everything you do comes to a screeching halt.
Perhaps because of this, email remains the most visible, vital and ultimately vulnerable area where cybercriminals launch attacks to steal valuable corporate information and financial resources. It should come as no surprise that these attacks aren’t slowing down.
According to new research from Mimecast commissioned by Vanson Bourne, 90% of global organizations have seen the volume of phishing attacks rise or remain consistent over the last 12 months. It doesn’t matter where the organization is located, what industry it’s part of or how many employees it has. No one is immune, and it’s not a matter of “if” but “when.”
Many have accepted not only the occurrence of attacks but the fallout from them as a fait accompli: 59% of organizations in the same survey now expect to suffer a negative business impact from an email-borne attack this year.
Unfortunately, many organizations simply aren’t prepared for how to prevent an attack or protect vital corporate information during and after one.
In today’s business world, many of us are stuck in the past when it comes to the evolving nature of the threats we face every day. Whenever we think we’re ahead of the attackers and cybercriminals, they find ways to put us further behind.
We’re failing at cybersecurity. Here’s why.
People Are the Weakest Cybersecurity Link
When it comes to email-borne attacks, organizations must realize the importance of training, educating and preparing the people who use email the most (i.e. everyone who works at your company). Attackers love to use email as the mechanism to attack precisely because of the human element: humans make mistakes, and those mistakes can lead to successful attacks.
It begins at the top. Nearly 40% of IT decision makers in the survey agreed that their CEO is a “weak link” in their security operation. The same percentage believe their CEO “undervalues the role of email security” as a key security program element.
Additionally, 20% said they’d experienced a C-level executive sending sensitive information via email in response to a phishing attack in the past 12 months.
But what about the folks carrying out the day-to-day work of the organization? You know, the ones who depend on email to do just about everything? They must be trained to take the risk presented by email threats seriously. Yet time and again, this doesn’t happen.
Just 11% of organizations continuously train employees on how to spot cyberattacks. While 24% say they do monthly training, 52% only train employees once a year or quarter.
Why Defense-Only Email Security is Destined to Fail
Hackers are just too good, too clever and too advanced these days for a defense-only email security strategy to truly work. This is the approach that comes with putting all your security eggs in one basket with a platform like Microsoft Office 365™. Blindly putting your faith in your email service provider and its email security capabilities is a strategy doomed to lead to vulnerability.
They simply don’t provide all the security capabilities to keep an event from happening, the protection capabilities to preserve your critical email data, and perhaps most importantly for your employees, the ability to keep your email going when there’s a cyberattack, technical failure or planned downtime.
The importance of having a high-availability solution in place is probably why 46% of organizations in the survey think maintaining email uptime is critical for business continuity after a cyberattack. You need more than just security to maintain that uptime.
Your Cyber Resilience Action Plan
If you feel like you’ve got a long road ahead to get your organization from cybersecurity failure to success, don’t panic. We’ve got an action plan you can follow to get started.
- Get C-level buy-in. Having the people at the top of your organization set the example for good security practices, and convincing them that investing in a plan is wise in the long run, will go a long way in promoting a strong cybersecurity strategy.
- Train your employees continuously. Sending an email once a year to remind employees to not click on phishing emails isn’t going to cut it. Make training on spotting cyberattacks a regular part of IT training for employees.
- Get a cyber resilience solution. Putting a solution in place that keeps out attackers with the most advanced cloud technology in the market is just the first step. You also need something that allows you to recover any data lost during an attack and continuity to keep email flowing during any disaster situation.
Cyber resilience for email doesn’t have to be a dream. It’s here.