The new normal of 2020 has increased the number of outbound email errors all over the world. The recent 2020 Outbound Email Data Breach Report discussed the survey of 538 IT security leaders.
In the survey, senior managers, responsible for IT security in the United States and the United Kingdom were interviewed. Their industry sectors included financial services, banking, health care, and legal.
93% of IT leaders said that their organization suffered data breaches through outbound emails in the past 12 months. They further revealed that on average, in around 12 working hours, 1 email data breach happens.
The increasing amount of outbound emails during remote working due to the COVID-19 situation has amplified the risk. This report highlighted the actual scale of data security risks related to outbound email errors and email use.
94% of respondents reported a rise in email traffic ever since the occurrence of the COVID-19 pandemic. Whereas, 70% of respondents believe that working remotely escalates the risk to data security from outbound email data breaches.
Join our weekly newsletter and get the latest cybersecurity updates delivered directly to your inbox
The Shocking Findings in the Report
- Surveyed organizations reported at least 180 incidents every year on average, equating to nearly 1 every 12 working hours!
- 62% of respondents rely on people-led reporting to detect outbound email data breaches.
- 24% of IT leaders said that the employee who sent the email would disclose their error.
- 37% of breaches happened because of tired and stressed-out employees.
- The most common types of data breaches happened due to:
- 80% replying to spear-phishing emails
- 80% of emails are sent to the wrong recipients
- 80% incorrect file attachments
- 78% do not use encryption
- 76% intentional exfiltration
- 75% using bcc incorrectly
In terms of action taken:
- According to 46% of respondents, the employee who caused a breach was given a formal warning
- In 28% of cases, legal actions were taken
- In 27% of serious breach cases, the employee responsible was fired
Should Organizations Still Rely on Traditional Email Security Practices?
Human errors and traditional security practices are the most common root causes of data breaches. Today, technology has advanced to the next generation and so have cybercriminals. Hence, relying on old-school email security practices won’t stop these threat actors from launching cyber attacks.
The research in the report revealed that 16% of those surveyed organizations lacked data protection for outbound emails. While some of them were using patchy technology, some had Data Loss Prevention tools in place.
45% of them have message encryption security and 45% use password protection for sensitive documents. However, in the case of one-third of the most serious breaches suffered, employees had not used the technology provided to prevent the data breach.
This report is a huge wake-up call for organizations all over the world. Cybercriminals will not stop targeting countries or continents to leverage the current situation. They are well aware of how every industry vertical across the globe is trying to make a recovery for the post-pandemic.
While we are busy sailing our boat through the constantly changing working scenarios amidst the lockdown, cybercriminals, on the other hand, have already leaped. Finding this the perfect opportunity, they are wasting no time exploiting the new security challenges.
They are using highly sophisticated tactics and every vulnerable resource to launch cyber attacks. Moreover, ever since the occurrence of the COVID-19 pandemic, the traffic of outbound emails has increased immensely.
This has further motivated these threat actors to launch email-based attacks in mass. They have been launching several campaigns to take advantage of mass uncertainty and fear. They spoof email domains of renowned and legitimate sources to trick victims with malicious emails.
According to Forbes, scammers send 3.1 billion emails from spoofed domains every day! Whereas, over 90% of cyber attacks are attempted with emails today. In fact, more than 200% of BEC scams have hit the U.S. companies between April 2020 and May 2020, according to PYMNTS.
What should IT Leaders do to Secure Outbound Emails?
First and foremost, every IT decision-maker needs to implement a standard email authentication protocol like DMARC. In our previous blog, we discussed how only 20% of Fortune 500 firms employed DMARC in H1 of 2020 which resulted in rising email spoofing attacks.
This is why it is important to ensure that your email domain is protected with standard email authentication protocols. CISOs and CIOs must secure their email domains with SPF, DKIM, and DMARC.
And to monitor these three email authentication protocols, TDMARC is the best-recommended tool.
TDMARC is designed and developed to defend to email domains against email spoofing, spamming, BEC attacks, etc.
This tool comes with the following features: Customizable threat summary
- Full insight into email channels
- Smart DMARC and Smart SPF
- Automated alerts and reports of threat details
- IAM (Identity Access Management)