Email remains the number one threat vector. This is backed up (again) by a recent Barracuda survey, which found that of those organizations able to identify the source of a ransomware attack, a staggering 76 percent came through email.
And when it comes to email threats, phishing – and particularly spear phishing – have become a lucrative art. These attacks work because they are personalized. Criminals go to great lengths to create very compelling attacks, leveraging the incredible amount of information we make available online.
All it takes is one click on a malicious file or link, or one send of sensitive materials to an impostor, and the future of your business could be in jeopardy.
We continue to see evidence that attackers do not discriminate based on company size. Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget – we are all feeling the impact of these attacks.
In a new Barracuda global survey, we questioned a number of large organizations with between 500 and 10,000 employees. Over half (56 percent) of those we questioned admitted to being targeted by cyberattacks, with 84 percent of those admitting their organization felt a significant impact as a result. In fact, on average, organizations had been targeted by cyberattacks five times, with 43 percent targeted more than five times. These figures become even more surprising when assuming that the bigger the company, the larger the security budget.
The effects of an attack are not limited to the organization itself. More than three in 10 of those we questioned admitted that their customers (35 percent) and even their employees (32 percent) had lost faith in their security because of an attack. Perhaps most shocking from a global perspective, around one in five report a temporary closure of business (21 percent) or a loss of customers altogether (17 percent).
As our research suggests, even having a sizable security budget isn’t enough to make you immune. After all, it doesn’t really matter how much money there is in the budget when the majority of threats are still infiltrating organizations via email. This point brings us back to the very important notion that the most effective security plans include a combination of people and technology. Leveraging the best practices we’ve outlined on the blog here, is a great place to start. First and most importantly, end-user education is critical today when anyone can be a victim. But with human error at play, organizations must be prepared with a layered security strategy that includes spam protection and malware filtering at the gateway, advanced threat protection and sandboxing technologies, and dedicated spear phishing solutions designed to stop highly-personalized attacks – these best practices can help keep your organization, your data, and your employees safe.
Hatem Naguib serves as Senior Vice President and General Manager, Security Business at Barracuda. He has global responsibility for Barracuda’s complete portfolio of award-winning, cloud-enabled security products that span network, content and application security. He brings more than 25 years of experience in high-tech companies building innovative products in enterprise software, cloud services, data center virtualization, software defined networking, and security. Follow him on twitter @hatem_naguib.