If you don’t think email security is important, you only need to look at the Hillary Clinton email controversy and how the incident, now known as Emailgate, continues to make headlines almost a year later.
Companies like Google, who serves 900 million users with Gmail, have been pushing to increase user awareness of email security by adding new features including a recent update that warns users when messages are being sent without encryption.
Despite the many preventative measures that can be put in place to mitigate email security incidents, it remains a major concern for IT security professionals; 65 percent of respondents in a recent survey by email security provider Mimecast said that they don’t feel fully-equipped or up to date enough to “reasonably defend” against email-based attacks.
The report, Mimecast Business Email Threat Report 2016, Email Security Uncovered, surveyed 600 IT security professionals to measure the preparedness of organizations in responding to email hacks.
Around one-third (35 percent) of IT security professionals feel confident about their level of preparedness against data breaches. Of those who reported to feel less prepared, nearly half experienced attacks in the past and don’t feel that any additional measures were made to prevent future attacks. And this includes training: one out of ten reports not having any kind of email security training in place.
“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” Mimecast CEO Peter Bauer said in a statement. “As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”
According to the report, the biggest gaps between the most prepared and least prepared respondents were budget and C-suite involvement. IT security managers who feel the most prepared say their C-suite is engaged with email security, and allocate 50 percent higher budgets to email security compared to less confident managers.
One of the interesting more technical notes is that the least confident respondents are more likely to use Microsoft’s Exchange Mail Server 2010, which ended mainstream support in January. The most confident managers use Exchange Server 2013, the report said.