Most companies believe they’ve experienced serious data breaches driven by email impersonation in the past 12 months – but are not doing nearly enough to prevent future impersonation attacks, according to a new study conducted by the Ponemon Institute.
The study found that IT security professionals were most worried about email as the source for impersonation attacks, including phishing and domain spoofing. The study surveyed 650 IT security professionals who have a role in securing email applications and/or protecting end-users from email threats. The average company in the study has more than 1,000 employees, six servers, and 15 cloud-based services that send email on their behalf – indicating they operate with complex email environments.
- 80 percent of respondents are very concerned about the state of their companies’ ability to reduce email-based threats
- 65 percent are likely to implement an automated DMARC enforcement solution if it stopped impersonation attacks
- 79 percent believed their organizations had suffered a data breach in the last year
- 69 percent say their organizations use anti-spam and anti-phishing filters as their primary protections even though those mechanisms have been proven to be ineffective
- 61 percent felt their companies aren’t spending enough to prevent email-based cyberattacks, in spite of a sense of urgency among IT professionals
- 59 percent say their organizations have not created a security infrastructure or plan for email security.
Read more: Help Net Security