Recently, Symantec revealed what they learned from those in attendance during Microsoft’s TechEd conference in June. This week Proofpoint released its findings from the same conference about trends in email and information security, and the results are not encouraging.
The State of Email Security
Their survey, in which 330 survey participants submitted their answers about the state of email and information security in their companies, showed that targeted attacks against large organizations are extremely common and can easily compromise user credentials and corporate IT systems. Just how common and how easy? Let’s take a look.
Half of all respondents (51 percent), and 56 percent of respondents from organization with 1000 or more email users, reported that they believed their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31 percent do not believe they were the target of such an attack and 18 percent reported they did not know. Organizations with fewer than 1000 email users reported fewer spear phishing attacks -- 42 percent believe they had been targeted, 39 percent did not and 19 percent didn’t know.
More than one third (34 percent) of respondents who reported experiencing a spear phishing attack in the past year (17 percent of all respondents) believe that attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.
Asked which of five platforms -- outbound corporate email, social media, lost or stolen mobile devices, and online file sharing/collaboration and short messaging services -- they felt posed the greatest risk of data loss to their organizations, respondents chose outbound email, but just barely. Here's the breakdown.
- 22 percent feel outbound email sent from their organizations is the greatest source of data loss risk
- 19 percent feel that online file sharing/collaboration solutions (e.g., services such Dropbox, Box and others) are the greatest source of data loss risk
- 18 percent feel lost or stolen mobile devices are the greatest source of data loss risk
- 17 percent feel postings to social media sites (e.g., Facebook, LinkedIn) represent the greatest source of data loss risk
- 3 percent feel that short messaging services (e.g., Twitter, SMS, text messaging) are the greatest source of data loss
- 21 percent of respondents say they “don’t know” which platform poses the most risk
Proof is in the Protection
The most obvious thing this survey tells us is the illusion of a secure enterprise isn’t even an illusion any more. IT personnel are under the impression that their systems are being compromised or have the possibility to be breached.
So what can they do to restore the image and improve the reality of email security? Considering that Proofpoint conducted the survey, it’s only fitting that they are able to provide a solution. Proofpoint recently introduced Proofpoint Targeted Attack Protection, a new, cloud-based solution designed to provide reliable protection against spear phishing and other forms of targeted attacks. By using big data analysis techniques to identify and apply additional security controls to suspicious messages, Targeted Attack Protection detects, protects, blocks and responds accordingly.
Regardless of what you use to help stop phishing attacks, this survey makes it clear that whatever you're using isn't enough and the risk is only getting worse.