Mimecast: State of Email Security Report 2023
Month: March 2023
Publish Date
22/03/2023
Categories
Blogs Hot Topic
Mimecast Finds C-Suite is Now Ready to Confront Cyber Threats
The much-anticipated ‘State of Email Security 2023’ report from cloud cybersecurity experts is out. Mimecast reveals a breakthrough in Boardroom attitudes towards cybersecurity & a greater C-suite willingness to confront cybersecurity risks.
The report, collated from a survey of over 1,700 I.T. and C-suite professionals across 13 countries including Saudi Arabia and the UAE, is the largest sampling in Mimecast’s report history. It shows management now ranks cybersecurity threats as bigger business risks than inflation.
C-suite respondents now views digital risk as unacceptable. They have expressed concern over disruptions which can result from emerging technologies and the shared risks of the networked economy.
The Findings:
- 2/3rds of respondents admit their companies need to spend more on cybersecurity.
- More than half (59%) acknowledge cyberattacks are becoming more sophisticated.
- 2/3rds have fallen victim to a ransomware attack.
- 97% have been targeted by email-based phishing attacks.
- 92% are either using or plan to use AI & machine learning to bolster cybersecurity.
- 72% expect to be harmed by a collaboration-tool-based attack.
Why The Threat Is Increasing:
Mimecast says supply chain vulnerabilities, growing online collaboration and digital networking are making the cyber landscape more treacherous. Multi-stage, multi-vector attacks are becoming the norm and the smallest of security shortcomings can have devastating effect. The average cost of a data breach is now US $4.35 million, while it can take 212 days to detect it and another 75 to contain it.
The Threats:
Email remains the primary attack route and with more emails, comes a bigger threat. The emergence of collaboration tools is opening a new threat pathway. Three-out-of-four (76%) respondents expect an email-borne attack will seriously impact their organization in the coming year. The main email-borne threats are phishing, ransomware, and spoofing with collaboration tool pathways entering the fray.
- Phishing: It’s now responsible for 90% of corporate security breaches
- Ransomware: 8 out of 10 respondents have been damaged by ransomware attacks which are specifically targeting smaller companies in consumer services, energy, healthcare, media, and entertainment.
- Spoofing: Nearly all respondents (91%) were aware of attempts to misappropriate their email domain, with the public sector being particularly targeted. Web domain spoofing is widespread. Only 29% of respondents say they are fully prepared to fend off illegitimate uses of their email domains and though 88% say their companies are interested in using Domain-based Message Authentication, Reporting and Conformance (DMARC) in the next 12 months to thwart email spoofing, only 27% have deployed it.
- Collaboration: The New Risk Route: While everyone agrees collaboration tools are now a business essential, more than half (55%) say they are opening a new risk route with employees downloading unapproved tools. 72% believe their organization will likely be hit by a collaboration-tool-based attack this year.
Under-funding Increasing The Risk:
66% of respondents admit their organization’s cybersecurity budget is under-funded and largely unchanged from 2022 despite the increasing threat and a modest under-resourced gap of around 8%.
Solutions:
AI & ML
AI and machine learning, that provide real-time, contextual warnings to email and collaboration tool users, can help you stay ahead of the cyber criminals. They can deliver more accurate threat detection, improve the ability to block threats and more quickly remediate attack damage. The criminals are using AI – you should too.
An Aware Workforce
Over 95% of all data breaches are due to human error – you must foster a cyber-savvy workforce. Regular, best-in-class training is essential. Cyber-security is the responsibility of all, not just the I.T. team!
Where Now?
The Mimecast 2023 report stresses that cyber-security insurance is no substitute for a cyber-security preparedness plan. Do you have one in place? Has it kept pace with the threats? Does it include employee awareness training? If you would like advice from our cyber security experts who can assess your security posture and make recommendations, including access to the best training in the market, get in touch now on +97144553100 or email: sales.uae@cobweb.com. Call us now and stay safe!
