Joshua Douglas, Vice President of Threat Intelligence

opportunity and evolved the ways they are
targeting their victims. Domain-spoofing and
email-spoofing have become mainstream
attack vectors, according to the report.
Over half of organisations surveyed (54%)
report anticipating an increase in web or
email spoofing and brand exploitation in the
next 12 months, and it is a rising concern.
In fact, 74% of respondents in the UAE
feel concerned about a web domain, brand
exploitation, or site spoofing attack, and
80% are concerned about an attack that
directly spoofs their email domain.
It is critical for organisations to look beyond
their email perimeters to determine how
cyberthreat actors may be using and
damaging their brands online.

Yesterday’s threats are unwavering year over year

Similar to years past, impersonation attacks,
phishing attempts and ransomware continue
to be a major problem, according to the
research. Seventy percent of UAE report
participants said phishing attacks remained
flat or increased in the last 12 months and
68% report the same of impersonation
attacks. This indicates that phishing is
potentially becoming more difficult to stop
or prevent due to more advanced tactics like
spear-phishing.
Ransomware also continues to wreak havoc:
two-thirds of UAE respondents (66%)
said ransomware attacks impacted their
organisation, citing data loss, downtime,
financial loss and loss of reputation or trust
among customers.

The need for a strong human defence

The State of Email Security 2020 report also
shines a light on the urgent need for a more
cyberaware workforce. Encouragingly, 100%
of the respondents’ organisations offer security
awareness training at varying frequencies and
formats. However, 74% of those surveyed
reported having been hit by malicious activity
spread from employee to employee, pointing
to the fact that the format or frequency of
these trainings could be the problem. With
frequent, consistent, engaging content that
humanises security, security awareness training
is an effective way to reduce risk inside the
network and organisation.

Top 10 takeaways from the State of Email Security 2020 report – UAE

1. Leaders are beginning to understand
the email perimeter is constantly
under attack. The magnitude and
scale of possible attacks at the email
gateway are of concern to most; 66%
of respondents believe it’s inevitable or
likely they will suffer from an email-borne
attack in the coming year.
2. Impersonation, phishing and business
email compromise are increasing at
a concerning clip. 70% of respondents
reported the same or increasing phishing
at their organisations, and due to the
global pandemic, threat actors are
broadly using impersonation and BEC
to steal from unsuspecting users. The
Mimecast Threat Centre corroborated
this assessment – researchers saw a
staggering 30% jump in impersonation
globally from January to April 2020.
3. The effects of ransomware still aren’t
improving year over year. More than
two thirds of respondents experienced
a ransomware attack this year and an
average of two days of downtime.
4. Monthly security awareness training
is the best way to train employees.
Encouragingly, 36% of respondents
receive training monthly, but many
aren’t educating employees according
to best practices.
5. In the absence of security awareness
training, unsafe URL clicks and data
leaks will ensue. Mimecast Threat
Centre found that employees
from companies not using Mimecast
Awareness Training were more than
5X more likely to click on malicious
links than employees from companies
that did utilise the training. The risk
these clicks pose is significant: 74%
of respondents were hit by
malicious activity spread from
employee to employee.
6. Looking beyond your email
perimeter towards online brand
protection is a business issue that
can no longer be ignored. There’s
high awareness of the need to protect
your online brand and maintain
customer trust, but just because the
attacks aren’t visible to you doesn’t
mean they’re not happening. 98%
of respondents already use or are
planning to roll out a DMARC strategy,
but it’s just one piece of the brand
protection puzzle.
7. Budget ownership for online brand
protection may shed light on how
quickly an organisation can respond
to an attack. Nearly all organisations
(98%) have a dedicated budget
for email spoofing, exploitation and
impersonation. Who manages the
budget, whether it’s the CIO, CISO, CFO
or CMO, can vary; what’s critical is the
partnership between the budget owner
and a savvy cybersecurity leader that
leads to the right knowledge base and
tools investment to detect and respond
to brand exploitation.
8. You’re right to have growing concern
about web and email spoofing. On
average, there are six web or email
spoofing attacks per organisation each
year – and that’s just what they know
about. 54% of respondents anticipate
an increase in web or email spoofing in
2020, and around 77% are concerned
about direct brand exploitation or email
domain spoofing attacks.
9. If there’s one thing we all agree
on, it’s that cyber-resilience
strategies are necessary but still
incomplete. The majority (80%)
have a cyber-resilience strategy or
are actively rolling one out, and
respondents told us their strategies
26 INTELLIGENTCIO www.intelligentcio.com