Dive Brief:
- Six in 10 IT professionals say the number of impersonators trying to scam their companies via email rose in the last 12 months, according to a survey of 1,000 IT decision-makers from email security company Mimecast. That number grew by more than half, up from 40% in last year's report.
- Among companies hit by email impersonation, 73% say a social engineering incident led to a direct loss for the company. Of those organizations, 39% lost data, 29% suffered financial loss and 28% lost customers.
- Phishing attacks were almost a constant — 94% of companies dealt with phishing attacks at some point during the past 12 months.
Dive Insight:
As companies take more processes online, the volume of internal data that sits just an email away expands, making email accounts more valuable targets for cyberattackers.
Email users represent the last mile of a cybersecurity system, and ultimately make decisions that make or break the barriers companies set up to protect data and money.
“Even if something made it through the filters, they have to select to open it,” said Joshua Douglas, vice president of threat intelligence at Mimecast, in an interview with CIO Dive.
The top sectors impacted by impersonation attacks were the financial, manufacturing, professional services, science and technology and transportation industries.
Douglas offered a few guidelines for guarding processes and frontline staffers:
- Establishing and adhering to companywide cybersecurity policies.
- Using prenotes in payroll management to validate bank accounts prior to transfers.
- Offering staffers access to awareness training to help them identify threats ahead of time.
That said, companies would be unwise to fault frontline staffers who fall for cyberattacks like phishing, Cath Goulding, head of cybersecurity for Nominet, told CIO Dive last month. Scammers and phishers grow more sophisticated over time, and incorporate new features to get around system protections.
The tie between weak cybersecurity systems and companies' financial health was made clear last week when ratings agency Moody's delivered its first outlook downgrade caused by cybersecurity. Equifax's outlook went from stable to negative thanks to projected financial fallout from its 2017 data breach scandal.