Business Email Security

5 Amazing Facts about the State of Email & Information Security

Email is a critical component of modern business communications. For companies of nearly any size, email communications are an essential tool for internal and external communications, productivity and more.

Despite the immense importance of email to modern businesses, it’s become clear that email is also an enormous source of risk for information (IT) security.

Over the past year, the average cost of a corporate data breach increased 15 percent to $3.5 million. For each “record” or set of customer data stolen, companies can anticipate an average of $154 in clean-up costs and reputation damage. It’s become increasingly clear that protecting your organization from email crime threats isn’t just smart, it could be critically important to your bottom line.

The following are five fascinating statistics on the state of corporate email security, and what they mean for your organization.

1. Spear Phishing Grows 55%

Per Symantec, spear phishing attacks grew 55 percent over the past year, and organizations are likely to be targeted multiple times per year. Large companies aren’t the only ones at risk. Small and mid-sized businesses need to brace themselves for more sophisticated attempts at social engineering in the year to come.

Norton defines spear phishing as email spam that’s built on a sense of familiarity. Instead of a clearly spam-laden message, it’s disguised as an important communication from a friend or known brand.

2. The Threat Vector Is Expanding

While your organization works to increase awareness and protection, cyber-criminals are hard at work trying to stay one step ahead. Currently, nearly one million new variants of email threats are released on a daily basis. It’s critical to take a comprehensive approach to prepare for emerging threats, based on the complexity of risks companies face.

3. Outbound Threats Are Real

Human behavior is a crucial risk factor that many companies overlook. In fact, 21 percent of employees have admitted to sending sensitive information through email without any form of encryption. This can leave companies vulnerable to data breach if the information is leaked by the recipient or intercepted.

Information security leadership must clearly define policies and procedures for the transmission of sensitive information. Employees should be educated and empowered to make the right choices when it comes to communicating personal identifying information, credit card numbers and other forms of risky info.

Business Email Security

4. Email Compromises Are Expensive

Overall, SANS writes that the official cost of email information security breaches in the U.S. over a 10-month period was $1.2 billion. Even more frighteningly, that “estimate is likely low.”

This figure encompasses a wide range of email threat categories, from service disruption to zero-day malware attacks. Regardless of the type of vulnerability, modern organizations are well aware that a data breach can result in millions of dollars in clean-up costs, damage to their reputation and customer defection.

5. It Could Happen to You

Twenty-two percent of organizations experienced a data breach related to email in the past year. While many organizations have appropriate training programs and safeguards in place, it’s clear that many others are at risk of a first-time or repeated IT security attack taking hold.

Despite increased adoption of encryption and filters at companies of all sizes, cyber-criminals are still breaking through technical barriers. It’s clear that information security and email protection require constant vigilance, monitoring and attention to protect your organization.

Conclusion & IT Security Solution:

Today’s information (IT) security threats rarely contain simple malware in any obviously spam-ridden email from a Nigerian Prince. They’re more likely to look like a legitimate email communication from a friend or institution that your employees know and trust. Protecting your company against modern risks requires a comprehensive approach to information security, including the right technical safeguards and education programs for your employees.