The human beings are the weakest link in any organization’s security chain, it’s largely because of the phishing campaigns, and a latest report from Mimecast, State of Email Security 2018, who found that the attackers will be continuing to target the end users which are email based attacks.
According to another report, this says that C-suite is making the businesses in danger. Around 40% of the respondents have agreed that in their organization the CEO’s is a “weak link” in their cyber security operation. Close to third, 31%, of C-level employees are reportedly very likely who has sent the confidential data to the wrong person mistakenly in the last year, compared to just 22% of general employees.
That confidential information is of course sent via email, accidently sharing the confidential data with the wrong party is not only the security risk as email is the ultimate gateway for ransomware attacks. Around 92% of the ransomware attacks were delivered via email the report from last year says that, which is resulting in average of downtime of longer than just three days.
Phishing is one growing issues as attackers do grow more sophisticated. The majority of the report from the last year which says that around 90% of phishing attacks is performed to the organization.
These attacks are not only just for a particular individual but it’s for everyone in the organization from the C-suite to the financial department and HR staff members to trusted third party vendors is a target by these types of attacks.
“Email based attacks are constantly evolving and this research demonstrates the need for organizations to adopt a cyber-resilience strategy that goes beyond a defense-only approach,” said Peter Bauer, Mimecast’s CEO.
“This is more than just an ‘IT PROBLEM.’ It does require an organization wide effort that brings together many stakeholders puts the right security solutions in place and empower employees from the C-suite to the reception desk to be the last line of defense.”
A huge email based attacks that are increasingly daily; the report has noted that the lack of the training to the employees is hurting the businesses. Surprisingly, only around 11% of the organization continuously train the employees on how to spot the cyber attacks, and more than half of the (52%) perform the training just once a year.
“Security awareness is an important part of any high functioning security program. But like all the security controls there is no silver bullet solution. The best security programs seek a balance between technical controls, boosting their human firewalls, and having IT enabled business process that are resilient to failures, whether man made or caused by technology,” Said Mattew Gardiner, cyber-resilience expert at Mimecast.