According to the 2016 Mimecast Business Email Threat Report, around 83% of IT security managers identified email as one of the most common sources of cyber attacks. With hundreds of emails sent and received every day, the risk of bumping into a phishing email is quite high, and bogus emails are so carefully crafted that even the most attentive employee can be fooled.
IT professionals lack confidence in their ability to detect email scams
IT professionals’ concern regarding email-based attacks is coupled with their lack of confidence in their ability to detect such attacks – 65% don’t think they are fully equipped or up to date to protect themselves from email scams and their consequences.
By cross-referencing respondents’ confidence in their email security with their experience of hacks/breaches, the report identified five different personas:
The archetype of this category works for a medium-sized company that doesn’t invest much in email security (around 6.9% of the IT budget). They don’t have prior experience of email hacks and completely lack confidence in their ability to prevent or cope with one. 31% of total respondents fall in this category.
Although they have experienced some email attacks, they haven’t learnt the lesson. They feel totally unequipped and not ready to prevent or face a future attack, increasing the cyber risk perceived by the medium-sized company they work for. 6% of the IT security managers interviewed fall in this category.
They work for a large company that doesn’t invest much in email security. Similar to the Nervous, the Battle-Scarred has been a victim of several email attacks but wasn’t able to transform their experience into a lesson. This category accounts for 28% of the total.
Although they have never been a victim of an email scam, they feel confident and equipped to prevent one because the large company they work for spends around 11.5% of the IT budget on email security. 16% of IT professionals identify with this persona.
The Equipped Veteran
Unlike the Nervous and the Battle-Scarred, the Equipped Veteran managed to translate their direct experience with email hacks into lessons to be learnt, becoming more confident in their ability to deal with them. Part of their increased confidence comes from the strong investments in email security made by the large organisation they work for. 19% of total respondents belong to this category.
Become an Equipped Veteran with our Staff Awareness E-learning courses
If you feel like the Apprehensive or the Nervous and want to improve or strengthen your ability to avoid email-based cyber attacks and increase your awareness of information security, you can learn more about the topic and discover tips and tricks from the comfort of your chair with our Staff Awareness E-learning courses. Delivered online, they are accessible from any place, at any time, leaving you free to take the modules and final test whenever you are ready.
Our suite of information and cyber security e-learning courses includes:
- Phishing Staff Awareness course – get a foundation course on phishing attacks: what they are, how they work and practical tips to avoid them;
- Information Security Staff Awareness course – get an introduction to information security and security best practices;
- Information Security and ISO 27001 Staff Awareness course – gain a better understanding of information security risks and compliance requirements such as ISO 27001:2013.