Email is still one of the most successful attack vectors for criminals looking to breach a company.
A new report from email security solutions provider Hornetsecurity Group, based on a poll of 420 firms, says that one in four businesses suffered an email-related security breach in the past year.
In 36 percent of cases, these email-related breaches were caused by phishing attacks. For Hornetsecurity, this is clear evidence of end-users being “the weakest point of any security system”. Of all the security breaches reported in the last year, 62 percent revolved around user-compromised passwords and phishing attacks.
When targeting companies, criminals usually go for those with at least 200 employees – and no more than 1,000. The researchers believe this is due to factors like budget and recruitment policies, which push cybersecurity down the priorities list for firms in this sweet spot.
The report also asserts that companies aren’t doing all they can to protect themselves. More than half (54 percent) still haven’t implemented conditional access rules or multi-factor authentication.
In many cases, they don’t have a clear idea whose responsibility email security really is. Two in every three respondents that use Microsoft Office 365 expect the software company to keep them safe from email threats, while half of all respondents expect third-party solutions to do the work.
Organizations that use third-party solutions reported the lowest rate of email security breaches, the report states.