Mimecast’s “The State of Email Security 2019” report shows continued challenges from compromised and careless users

Most organizations are heavily focused on protecting their organizations from inbound attacks coming directly from cybercriminals – often arriving via email -but not enough emphasis is being put on protecting against threats that originate from the inside. Figuratively, while you are defending the front door of your organization, you can get stabbed in the back.

Our recently released “The State of Email Security for 2019” report delved into the greatest email security challenges facing organizations today, including the internal threat issue. What we found via a global survey of IT and security leaders is startling:

  • 41% of organizations have seen increases in internally sourced threats/data leaks, year-over-year
  • 71% of organizations reported having seen attacks where malicious activity was spread from one infected user to another. This was up from the previous years’ report.
  • 86% of respondents reported that their organization had experienced threats/data leaks caused by careless employees.

What Does This Mean?

No one ever said securing an organization would be easy! With entry attacks focusing on credential theft and other forms of social engineering, and phishing proving so popular and successful, what do you think cybercriminals generally do after getting an initial foothold? After they land, they attempt to spread their attacks, using internally generated email-borne threats. Too many click on a link or open an attachment in an email from what appears to be a colleague or manager at the organization, and the negative aftermath soon follows.

And to make matters worse, 95% of security breaches are directly contributed to by human error. That’s right, your company has employees who, at times aren’t particularly cautious with your organization’s sensitive information or applications. In addition, malicious employees are another class of threat actor that must be considered, however rare they might be.

What Can You Do About It?

While there are no quick fixes or silver bullets, defending against internally generated threats can and should be part of your security program. In the areas of the email, the web, and user awareness and caution, Mimecast can help with our cloud-based security services and training programs. If you want to hear how some Mimecast customers have improved their protections against internally generated threats, I encourage to take-in this customer roundtable webinar.

SOES19_blog_footer.jpg

Matthew Gardiner

by Matthew Gardiner

Director of Enterprise Security Campaigns

Posted Jul 15, 2019

You may also like:

E-mailaanvallen in het echte leven: Voorbeelden voor uw weerstandsstrategie

Take lessons from the past in building y…

Take lessons from the past in building your organization's c… Read More >

Joshua Douglas

by Joshua Douglas

VP, Threat Intelligence

Posted Jul 09, 2019

Wat is de nettowaarde van uw cyberbeveiliging?

Calculating your cybersecurity net worth…

Calculating your cybersecurity net worth doesn't have to be … Read More >

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Jun 19, 2019

Dreigingsintelligentie de beste methodes voor slimme IT-afdelingen - Deel 2

Make your organization a harder target f…

Make your organization a harder target for adversaries to cr… Read More >

Joshua Douglas

by Joshua Douglas

VP, Threat Intelligence

Posted May 07, 2019