87% of companies experienced an email-based threat in the past year, while 35% have been hit by ransomware, according to a Barracuda report.
Email security threats remain a pervasive issue for organizations large and small, according to a Tuesday report from Barracuda. Some 87% of IT security professionals said their company experienced an attempted email-based threat in the past year, while 35% said they have been hit by a ransomware attack, the report found.
Of the 634 executives and team members serving in IT security roles surveyed worldwide, 88% said the threat of ransomware remains a concern. Of those who were victims of ransomware in the past, 75% said that the attack originated via email. Another 32% said the attack originated via web traffic, while 23% said network traffic, according to the report.
With these rampant threats, IT security professionals agree on the necessity of employee training for protecting organizations against email-based attacks. All respondents said that end-user training is important to prevent attacks. However, that training is broken, and 98% of respondents said that there were better ways to train employees than traditional classroom-style education.
Here are the four best ways to train employees on cybersecurity, according to the IT security pros surveyed:
1. Customized examples that are relevant to an employee's department and role (54%)
2. Unscheduled simulations of typical attacks (51%)
3. Training modules that employees can complete at their convenience (47%)
4. Rewards for those who take the right actions (28%)
Whatever training you decide to implement, a multi-layered approach to cybersecurity is critical for protecting any organization, and its employees, applications, and data.
Of companies that have been hit by ransomware, only 12% claim to have actually paid the ransom to unlock their files, the report found, while 88% said they did not pay. Large enterprises were more likely to pay up than small and mid-sized businesses. This is a bit surprising given past reports on companies paying exorbitant amounts to regain access to their systems, and could be a sign that more companies have backup solutions in place to recover critical data on their own, without paying, the report suggested.
As more organizations move to the cloud, the report also examined opinions around Office 365 email security. Larger businesses reported more concern about this than smaller businesses, perhaps because they have more data at risk on the platform, with broader deployments that include SharePoint, OneDrive, and other applications, the report noted.