Mimecast Limited published its “The State of Email Security” report. The report shows enterprises faced unprecedented cybersecurity risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training. The fifth annual “The State of Email Security,” report is based on a global survey of 1,225 information technology and cybersecurity leaders, and supported by Mimecast’s Threat Center data, which screens more than one billion emails per day.
A full 86% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. 78% in the UAE indicated they had been impacted by ransomware in 2020, a massive increase from 66% of companies reporting such disruption in last year’s “The State of Email Security” report. Companies impacted by ransomware lost an average of six working days to system downtime, with 29% of the companies in the UAE saying downtime lasted one week or more. 43% of ransomware victims paid threat actor ransom demands, but only 44% of those were able to recover their data. More than half (56%) never saw their data again, despite paying the ransom.
“The ransomware epidemic continues to rage, and the approaches to and results of remediation vary wildly. Many companies are choosing to pay ransoms rather than risking extensive business downtime and expensive consulting fees to conduct self-remediation – but this introduces its own set of risks, including threat actors not holding up their end of the bargain. Paying ransom also makes companies an attractive target for subsequent attacks, since they’ve demonstrated they’re willing to pay.” said Josh Douglas, Vice President of Threat Intelligence.
While ransomware was a big problem for organizations in 2020, it wasn’t the only one. Mimecast’s “The State of Email Security” report also revealed additional threat trends, including a 64% year-over-year increase in threat volume, an increase in email usage in seven out of 10 companies, 40% of survey respondents noted they saw an increase in email spoofing activity and in the UAE, 88% said they are concerned about the risks posed by archived conversations from collaboration tools compared to the 71% globally.
All of these data points can be attributed to the pandemic: work-from-home increased email and collaboration tool usage, and threat actors sought to capitalize on the new “digital office” with massive waves of COVID-19-related social engineering attacks.
Despite facing an elevated threat volume, the report found that companies aren’t doing well in the area of threat prevention. In addition to the 86% of local respondents who indicated a lack of cyber preparedness (compared to 79% globally). As many as half of those surveyed in the UAE said their organisations fall short in one or more critical areas of email security systems (compared to 40% globally), leaving employees open to phishing, malware, business email compromise and other attacks. 50% of the respondents in the UAE said that employee naiveté about cybersecurity is one of their greatest vulnerabilities, and yet only one in five respondents indicated they have ongoing (more than once per month) security awareness training in place.
Given these factors, it’s not surprising that 75% of survey respondents in the UAE believe their business will be harmed by email attacks in the next year. In 2020, 60% of respondents said they felt this way.