Enterprises use many tools to support collaboration and communication as employees continue to work remotely or in hybrid arrangements, and the use of unsanctioned apps adds to the shadow IT problem, increasing potential security risks. Yet, despite the complexity of managing a multitude of tools, email remains the top security concern (38%) and is still viewed as the most vulnerable communication and collaboration tool within the enterprise. The research conducted by ESG highlights that within the past year, phishing attacks (34%) and business email compromise (BEC) scams encompassing wire transfer fraud, payroll fraud, and payment fraud (26%) rank among the top threats that have successfully circumvented existing security measures.
“While most organizations are leveraging six or more tools for communication and collaboration, email tops the list by a wide margin as the channel considered most vulnerable to threat actors,” said Dave Gruber, Principal Analyst, ESG. “The good news is that organizations are focused on strengthening all communication and collaboration channels collectively, including email.”
The research further uncovers persistent gaps in email security controls, despite efforts to prioritize and invest in this area. Notably, nearly a quarter (23%) of respondents say that their current email security strategy lacks comprehensive security awareness training and assessments. Additionally, a quarter of respondents indicated consistent concern regarding inbound email attacks that evade and breach native security controls.
While many respondents will continue to rely on native security controls provided by their cloud email solution provider, more than a third (34%) report already implementing additional third-party security controls to address these gaps, with another 46% planning to do so in the next 12 months.
“This research is highlighting the reality that there is only so much technology alone can do to protect against advanced phishing and BEC attacks,” said Audian Paxson, Director of Technical Product Marketing at IRONSCALES. “Native tooling can provide some useful table stakes, but stopping advanced phishing attacks requires a more sophisticated set of tooling. Enterprises are recognizing that to thwart emerging threats, especially those leveraging social engineering and AI, they need to complement their AI-powered email security solutions with collaborative human insights.”
The report underscores the continued importance of security fundamentals and best practices that all organizations should adhere to, such as regular assessments for shadow IT, defining clear responsibilities for security and management, and continual analysis of existing security stacks.
Nearly 500 IT and cybersecurity professionals from private- and public-sector organizations throughout the U.S. and Western Europe were surveyed in early 2023 for this report.
IRONSCALES is the leading cloud email security platform for the enterprise that uses AI and human insights (HI) to stop advanced phishing attacks that bypass traditional security solutions. Its award-winning self-learning platform continuously detects and remediates advanced threats like Business Email Compromise (BEC), credential harvesting, Account Takeover (ATO), and more. As the most powerfully simple email security platform, IRONSCALES helps enterprises reduce risk, boost security team efficiency, and build a culture of cybersecurity awareness. IRONSCALES is headquartered in Atlanta, Georgia, and is proud to support more than 10,000 customers globally. Visit http://www.ironscales.com or @IRONSCALES to learn more.