Email persists as a major avenue for cyberattacks in 2019

A new report from Barracuda Networks reveals that email-based attacks are having a major impact on businesses, despite increased confidence in email security systems.

What attackers want when they hack email accounts Mark Risher, Google's director of product management for identity and account security, explains what hackers are looking for and how Google is ramping up account security.

Barracuda Networks has released its 2019 Email Security Trends report , and while it found that 63% of security professionals feel confident that their organizations are more secure than a year ago, there's a heap of other findings indicating that an increase in confidence isn't an indicator of comfort. 

The report also found that users continue to fail at spotting suspicious emails: Email attacks hit 85% of US-based companies, with half of security professionals saying their stress levels are increasing, and most reporting being unprepared to stop insider threats. 

The facts in the report point to a trend: Attacks are increasing, and security may not be able to keep up.

Email attacks: A fact of life

Email, the report concluded, is likely to remain the top vector for cyberthreats. They're often successful because they prey on the fallibility of humans to trust in their intent, and many email attackers are good at their jobs.

43% of those surveyed reported that machines on their network were infected by malware due to spear-phishing attacks over the past 12 months, and only 9% of respondents were confident in the ability of their email security solutions to catch those threats before they arrive in inboxes. 

Once a malicious email arrives in a user's inbox there are other remediation methods, but there are mixed opinions on the capabilities of those defensive measures as well. Some 38% of respondents said their remediation capabilities are only somewhat, or not at all, effective; 58% rated themselves as very good at catching emails that have bypassed spam filters, and only 4% said they are the best they can be at catching them.

There are other fears reported as well: 58% of respondents said that most emails reported by users as suspicious are actually legitimate. In other words, users are misreporting emails half the time. This can lead to time wasted on wild goose chases, leaving less time for identifying and stopping actual threats. 

Surprisingly, 90% of Office 365 users say they're worried about the security of Microsoft's cloud-based office suite. Spam, data loss, spear-phishing, and account takeover are just some of the risks that respondents were concerned with. 

The bottom line: Email attacks aren't going away, and the IT world keeps getting more complicated, making it harder to catch actual attacks. 

Is AI the solution to email threats?

"Advanced behavioral techniques to spot and stop spear phishing and other attacks will help improve email security overall and reduce the major negative impacts on businesses and the personal lives of IT professionals," the report said.

Along with its growth as a network-building tool, artificial intelligence (AI) and machine learning are going to become more important as cybersecurity tools in the near future. AI can detect things that humans typically miss, and a well-trained machine learning model could put a stop to a good portion of the emails that bypass spam filters and are missed by users. 

Automated security tools have the potential to cut down on things like working into the evenings or weekends, cancelling plans to respond to security incidents, worrying about email security while not on the clock, and general job stress, all of which were reported by respondents. 

IT leaders should look into email security automation tools, but not forget to consult with team members who deal with those very issues daily, as they may have suggestions that can make adoption easier.

Also see

istock-890931786.jpg

Ivlev Sergey (Molnia), Getty Images/iStockphoto

By Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.