Business email compromises still a threat with email fraud on the rise, study
Business email compromises still a threat with email fraud on the rise, study

Despite major investments in cybersecurity, email fraud continues to rise as cybercriminals' tactics become more advanced.

Proofpoint researchers surveyed 2,250 IT decision makers across the U.S., the U.K., Germany, France and Australia and found 75 percent of organizations were targeted at least once by email fraud, in the last two years and 41 percent said their business had been targeted multiple times, according to Proofpoint's Understanding Email Fraud: A Global Survey report.

Fortunately governments are recognizing the need to address the threat and are pushing to promote and in some cases mandating the use basic email authentication to protect businesses and citizens. The push has led to 47 percent of those surveyed getting the budgets they need to deploy email fraud protection. Unfortunately, cybercriminals are growing more effective at evading traditional security tools.

The U.S. is the most targeted, with 84 percent of respondents of the country reporting one or more attacks followed by Australia with 80 percent reporting having been attacked. Researchers didn't find any correlations between the size of business and the likeliness of attack suggesting all businesses are at risk.

“We found that email fraud is pervasive, disruptive, and in many cases, catching businesses unprepared,” researchers said in the report. “Just 40 percent of survey respondents say they have full visibility into email fraud threats in their environment, and even fewer have controls in place to stop them.”

The public sectors push has been so effective that the three countries with the highest levels of email fraud protection—the U.S., the U.K. and Australia—are those whose governments have pushed businesses most strongly to deploy such safeguards. Germany however, appears to be the least targeted country

In addition, 77 percent of respondents were worried their company would be targeted by email fraud within the next 12 months. For those who had experienced attacks within the last two years, 56 percent reported the incident resulted in downtime and disruption, 33 percent said the attack resulted in lost funds, and 24 percent said it resulted in the firing of personnel.

Board rooms are taking notice to the threat, 82 percent of respondents said the threat is a concern for board members and executive teams while 59 percent consider email fraud one of the top security risks to their business.

To address the concerns 57 percent of orgs implemented a user-awareness program on phishing, 43 percent have implemented email authentication, 48 percent have created third party policies to protect their supply chain and 23 percent have purchased cyber insurance.

There was no clear winner when asked which department is most at risk of attacks with 55 percent saying the financial team, 43 percent saying accounts payable, 37 percent saying the c-suite and 33 percent saying the general workforce.

Email authentication is just one of the first steps in protecting ones organization from compromise. Data protection and transferring the risks were other methods listed to help organizations combat the threat of email fraud.

In addition, the study found organizations still need to overcome the obstacles presented by a lack of technical understanding, lack of budget, the technical complexity of a company's email ecosystem, a lack of awareness, and a lack of executive sponsorship for the projects at hand present significant6 hurdles.