Email is part of our everyday life, especially in the workplace. It is an indispensable tool used for communications and marketing. It allows us to send files and document, discuss strategy, and keep in touch. Even in the era of Zoom, email has continued to thrive. In 2020, over 4 billion people used email, with 86% of professionals using the tool to distribute business content.
Where a popular technology exists, cybercriminals follow. Because email is so ubiquitous and trusted as a communication medium, it makes the perfect vector for cybercriminals to attack an organization or for accidental data exposure to happen. This fact is being borne out in a new report that offers evidence that remote working is exacerbating the problem of email and data exposure.
The email channel has been co-opted by the cybercriminal with a whopping 95% of IT leaders stating that their data is at risk from the email channel. Further to this, 83% of organizations admitted to a data breach via email in the last 12-months. These data, from the Egress report, describe a crisis in the use of email. But email is unlikely to be replaced by any other technology any time soon. Limitations in other mediums that could be used as an email replacement include an inability to audit and govern data. Email will continue to be a roadway, into and out of, a company. This roadway is exploitable, and under the normal pressures of any mass-use system; this includes accidents and simple misuse because of human behavior and poor security awareness.
To mitigate the risk of email, an understanding of the threats and misuse of email is necessary. The report found three key vectors, that together form a perfect storm of vulnerabilities inherent in the use of email, especially within the given circumstances surrounding remote working and the Covid-19 pandemic.
The pandemic has created a dilemma. Employees working from home have reported feeling unwell and as a result, email mishaps have happened. The report found that around 73% of employees reported feeling stressed and fatigued during the pandemic; this, in turn, increased the risk level of accidental data exposure. Another issue playing into the accidental exposure issue is the distractions that come with home working. The report found that 60% of employees admitted to working in “frustrating environments” and that confidentiality was a risk factor, especially in shared office spaces.
The result of remote working under a pandemic situation is that in 24% of cases, an email data breach was caused by data being inappropriately or accidentally shared. In total, 59% of respondents said that they had experienced a data leak via email, since the implementation of pandemic-related remote working.
Exacerbating the risk level of email-based data leaks is the fact that in the last year email use has increased. The survey found that 85% of employees were using more email in the last 12-months.
Increased use of email increases the risk of accidental data exposure, just because of the sheer number of emails sent and received each day. Increased use of any technology also makes it an attractive proposition to fraudsters. If email is a way into an organization, fraudsters will find a way to make use of that. This is borne out by further research showing that spear-phishing email attacks increased by 667% during COVID-19.
The inherent threat in the mass use of a technology, such as email, requires robust detection to prevent those threats from becoming incidents. One serious concern highlighted in the study is that, whilst 79% of IT leaders used email DLP (data loss prevention) tools, 42% of the respondents noted that half of all incidents would not be detected using these static DLP tools.
In other words, static, legacy, detection mechanisms are being outwitted by the very dynamic nature of modern cyber-threats, including accidental exposure.
Of all the issues found by the researchers, this last one is of great concern in terms of the prevention of email-borne threats. The workplace is a dynamic environment as the pandemic has so clearly demonstrated. The way to prevent present and future threats is by the application of a smart and more dynamic system designed for modern email cyber-threats. View Email Security Pricing Guide.
The report pulled together three key points, each having an impact on the other, to create a perfect storm of email as a vulnerable system that is ripe for attack. The mix of accidental exposure, increased dependence on email for communication, and poor threat detection is a tripartite that needs to be broken.
Email use will continue to be important, and employees will continue to have accidents. The way forward in moving the dial in email-borne threat detection is to change the third perspective and apply robust detection of email threats. Email threat detection and mitigation tools designed for the modern email-borne threat covers can break the cycle of email-based data leaks.
SpamTitan Email Protection blocks spam, viruses, malware, phishing attempts and other email threats from harming your organisation. Try SpamTitan for 14-days and discover how it can protect your organization from advanced threats. Start SpamTitan free trial.
Sign-up for email updates...