As a corporate leader or business professional, do you worry about employee exposure to (and potential corporate damage from) malicious emails? If you are concerned, is anything being done about it?
If the answer is “Yes” and “No,” you are not alone. Per a 2020 Global Insider Data Breach study, 97% of IT leaders say insider breach risk is a significant concern, and 78% think employees have put data at risk accidentally in the past 12 months. (Perhaps most disconcerting, 75% think employees have put data at risk intentionally, by ignoring policies or worse.)
Yet, when asked what security tools firms have in place to mitigate insider breach risk, only half of IT leaders said they are using anti-virus software to combat phishing attacks. Even fewer are using email encryption (48%). While some experts believe this indicates IT leaders are resigned to the inevitability of insider breaches because they don’t have adequate risk management in place, we at Novatech aren’t giving up yet.
The penalties for a data breach make a strong case for organizations to have better visibility and coverage of their risk vectors — especially one that is targeted as heavily as email. Expecting employees to self-report is clearly not a success strategy. The question then becomes, where do we start?
Email: A Top Risk Vector That’s Only Becoming a Bigger Problem
To help you consider this issue, let’s look at a few more statistics.
- 41% of employees who accidentally leaked data said they had done so because of a phishing email.
- 31% said they caused a breach by sending information to the wrong person, for example, by email.
In other words, even accidentally sharing data with the wrong recipients is leading to data breaches. Furthermore, most phishing attacks aren’t aimed only at gaining information. They can be used to distribute malicious programs, such as ransomware. That’s why email attachments are still the prime delivery method for malicious programs.
Other employee activities that can inadvertently lead to data breaches include adding the wrong attachments to outgoing messages or not using encryption tools correctly (or at all). Ready for a final shocker? 78% of directors have intentionally shared data against company policy in the past year, compared with just 10% of clerical staff.
We understand that these are not very comforting facts. However, we think the best way to persuade staff (and maybe a few directors) of the importance of email security is to give them a reality check. Following are five really scary stats for you to share. Let us know if they help.
- Sophisticated phishing emails go unidentified by 97% of users.
- Only 3% of users report phishing emails to their management.
- In 2020, phishing sites skyrocketed. In Q1 2020 alone, their numbers surged 350%. By January 2021, Google had identified 1 million phishing sites.
- Among email users, 56% will click on an unknown link in an email, even though they understand the potential dangers.
- In 2020, 1001 data breaches were reported, resulting in accidental revelation of sensitive information for 155.8 million
We have many more of these statistics to share with you, if you would like to distribute them to your personnel. Even better, why not let us give you a complimentary cybersecurity evaluation? We can custom-match your program deficiencies to our 15-layer cybersecurity defense, which will help you close all your security holes. To learn more, please call 800.264.0637