Phishing on The Rise as Email Security Stalls

Travis Good
May 25, 2021

The last year was transformative for many businesses, as COVID shutdowns forced brick-and-mortar businesses to pivot to a digital presence and digital businesses began seeing more traffic than ever before. With increased attention comes an increased potential for phishing attacks -- and so far, email security hasn’t caught up to that trend.

Security experts at Mimecast laid out the recent State of Email Security white paper. The detailed report provides an insightful commentary to help IT security personnel stay on top of the growing threat to email security and better secure enterprise IT email programs.

Phishing Threats Rose in 2020

As employees began working from home, network security became more difficult to manage, leading to a stark increase in email threats. Some sobering statistics included:

  • Threats via email rose more than 64% 
  • Employees clicked on three times more malicious emails than before 
  • About 13% of companies lack an email security system

With phishing at a high and email security tools still lagging behind, many companies are at risk for a cyberattack that could have profound effects on their business.

Factors For Increased Phishing

The report found a marked increase in phishing attacks during the pandemic, but the specifics are more subtle. Some of the factors include the use of collaboration tools -- which may expose archived business conversations to bad agents -- and increased use of personal networks and devices. With more freedom and a more casual atmosphere, some employees participate in careless web browsing and accidental sharing of sensitive information, increasing the risk.

Employee behavior may also play a role. When asked about internal flaws in cybersecurity, 

  • 70% said poor password hygiene put companies at risk
  • 1 in 5 said their company provides ongoing, or continual, cyber awareness
  • 79% said their company had experienced a disruption or setback due to a cyber attack

Other research backs up this notion. A recent Stanford University study that found 88% of data loss situations are caused by employee mistakes.

When Increased Security Pays Off

Although the last 12 months have been difficult for many companies on the cybersecurity front, Mimecast shared a promising outlook. Awareness is a solid first step to changing employee attitudes about cybersecurity. About 91% said they were concerned about a potential attack, increasing from 84% last year. When employees know the implications of these attacks, they may be more likely to comply with email security measures and think twice before clicking a suspicious link.

Companies seem to be more concerned as well and are taking measures to secure email better. More than 92% said their company planned or began the process to add services like DMARC -- Domain-based Message Authentication, Reporting and Conformance -- and 77% of those companies had already deployed this service. 

Preventing Future  Attacks by Improving Email Security

While companies still face challenges, increased awareness and training can change the future of cybersecurity. In combination with a return to the office in 2021, companies need to rethink strategies to help minimize the risk of phishing attacks in our new hybrid work environments/