Over the last few years, cybercriminals have changed tactics and shifted from targeting systems to targeting people. Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact. These and other factors make email fraud, also known as business email compromise (BEC), extremely difficult to detect and stop with traditional security tools.
Proofpoint’s 2018 Understanding Email Fraud Survey, asked 2,250 senior IT decision makers across the U.S., U.K., France, Germany, and Australia for their email fraud experiences from the last two years. It reveals 82 percent of boards are concerned with email fraud and more than half (59%) consider it a top security risk—no longer just an IT issue. Yet almost a third (30%) of respondents cited a lack of executive support as a key challenge to email fraud protection deployment.
In Australia, the research underscores that email fraud is catching organisations unprepared. Insights include:
- 80 percent of Australian organisations (75 percent globally) experienced at least one targeted email fraud attack, with 33 percent suffering multiple attempts in the last two years. However, some organisations are taking proactive measures to protect both their brand and their employees. More than half (54%) of Australian businesses have implemented a user-awareness program on phishing, and 48 percent use email authentication.
- 80 percent of Australian businesses (77 percent globally) expect they will fall victim to email fraud in the next 12 months and yet only 43 percent have full visibility into email threats. There is a clear anxiety felt by IT decision makers in Australia when it comes to protecting the organisation from email fraud. Alarmingly, 62% of Australian businesses didn't have financial controls in place to protect their business against wire transfer fraud. In terms of email fraud protection, 49% of Australian businesses stated they were already implementing a solution.
- Cyber criminals are reaching deeper into the organisation beyond the C-suite. Respondents deemed the Finance and Accounts Payable departments most at risk of receiving spoofed emails, with the C-level executives almost on par with the general workforce.
- More than 1 in 3 attacks on Australian businesses (35%) led to loss of funds to cybercriminals. Other consequences included business disruption (55%) and loss of sensitive data (43%); Email fraud also puts employees directly at risk: nearly one in four attacks (24%) resulted in employment termination.
With 59 percent of organisations considering email fraud one of the top security risks to their business, it is encouraging that some are adopting techniques to protect their employees, partners, and customers. As the volume of attacks and level of sophistication employed by cybercriminals increase, organisations need to proactively shut down these tactics before the damage is done.
Proofpoint research shows email fraud has a direct impact on both employers and employees. Businesses suffer downtime and loss of revenue, and individuals could potentially lose their jobs. By implementing a multi-layered defence strategy, organisations can protect their systems from advanced data-stealing attacks and their employees by blocking, detecting, and proactively responding to email fraud attacks.
Dependence on e-mail presents a difficult problem for business leaders – how can they support the continued use of a technology which exposes the business to constant cyber-attacks? Contact Sparx Solutions today to review your email security strategy.
Read the latest Proofpoint Email Fraud Threat Report - Year In Review
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.