Email Threats Making You Bleed Money
- By CDOTrends editors
- February 21, 2023
Emails continue to be a primary source of security attacks, with the average costs for companies that fell victim to such an attack reaching new heights.
A survey conducted by Barracuda Networks, Inc., a security solutions provider, revealed this information in its 2023 Email Security Trends report.
The report surveyed hundreds of IT professionals in the U.S., EMEA and APAC regions, showing that 75% of companies had experienced one or more successful email attacks in the last year, with the average potential cost of such an attack surpassing US$1 million.
Costs of email-based attacks have risen dramatically, with 23% of respondents citing a significant rise in the cost over the last year.
The fallout of an email security attack can cause significant damage to companies. Survey results showed that the most widely reported effects were downtime and business disruption (affecting 44% of those that had been hit), the loss of sensitive, confidential, and business-critical data (43%), and damage to brand reputation (41%).
Furthermore, results also showed notable differences between industries. The top impact for financial services companies was the loss of data and money to attackers (cited by 59% and 51% of victims, respectively). In manufacturing, the top impact was the disruption of business operations (53%).
Healthcare institutions were hit particularly hard regarding recovery costs involved with getting systems back up and running (44%). Organizations with more than half their employees working remotely faced higher risk and recovery costs.
“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” said Mark Lukie, director of solutions architects for APAC at Barracuda.
Companies are underprepared
Barracuda's survey also uncovered that companies all around the world are lacking in their ability to deal with a range of security threats, including malware (34%), sophisticated email attacks like account takeover and business email compromise (28%), and even basic issues such as spam (28%).
“Email-based attacks can be the initial access point for a wide range of cyberthreats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond," Lukie added.
Image credit: iStockphoto/Gearstd