Securing email continues to get more difficult, as companies believe they have suffered data breaches caused by email impersonation attacks.
While companies acknowledge this is a problem, they are not doing nearly enough to prevent future impersonation attacks, according to a new study conducted by the Ponemon Institute.
“With the dramatic rise in impersonation attacks as a primary vector for cyberattacks, companies are re-assessing the balance of their security efforts,” said Alexander García-Tobar, chief executive of Valimail, which sponsored the study. “While traditional approaches are good for filtering malicious content and blocking spam, impersonation attacks can only be stopped with email anti-impersonation solutions. Individuals at all levels of a company, including customers and clients, are vulnerable to phishing, fraud, and impersonation attacks.”
Key findings of the report include:
• 80 percent of respondents are very concerned about the state of their companies’ ability to reduce email-based threats
• 65 percent are likely to implement an automated DMARC enforcement solution if it stopped impersonation attacks
• 79 percent believed their organizations had suffered a data breach in the last year
• 69 percent said their organizations use anti-spam and anti-phishing filters as their primary protections even though those mechanisms have been proven to be ineffective
• 61 percent felt their companies aren’t spending enough to prevent email-based cyberattacks, in spite of a sense of urgency among IT professionals
• 59 percent said their organizations have not created a security infrastructure or plan for email security
The study found IT security professionals were most worried about email as the source for impersonation attacks, including phishing and domain spoofing. The study surveyed 650 IT security professionals who have a role in securing email applications and/or protecting end-users from email threats. The average company in the study has more than 1,000 employees, six servers, and 15 cloud-based services that send email on their behalf – indicating they operate with complex email environments.
As more companies recognize and respond to email vulnerabilities, Valimail executives expect to see organizations deploy a layered defense that adds Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) authentication standards to their existing secure email gateway (SEG) technologies and anti-phishing training.
“Companies can strengthen their security against email fraud with automated solutions and close that disconnect between email threats and preventive action,” García-Tobar said.
“We were surprised to see a vast majority of companies who believe that they have had a breach involving email but are not yet embracing automated anti-impersonation solutions to protect themselves proactively,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Adopting fully automated solutions for DMARC enforcement that provide email authentication will help companies get ahead of the attackers and build trust with their clients and end users.”