Are you risking a data leak? 3 out of 4 businesses are.


Email remains the number one way for cyber criminals to target organisations, with phishing attacks the top threat to email users.

And while dedicated cyber security strategies are much more common, three out of four companies still risk their reputation and financial wellbeing to cybercrime.
The State of Email & Collaboration Security Report 2024 (SOECS) is the latest report from cyber security specialists Mimecast. In this article, we’ll outline some of the key findings, threats and options available to help you stay aware and secure.

1. Key findings.
2. The state of email cyber crime in 2024.
3. Cyber security challenges in financial services.
4. Email security in financial services.
5. Choose a trusted financial services specialist.

Key findings

Based on an in-depth survey of 1,100 IT and cyber security professionals working in high value industries around the world, the report makes clear that cyber threats aren’t going anywhere. In fact, cyber crime is predicted to grow by 15% per year over the next two years. It therefore comes as no surprise that 90% of those surveyed said their organisations had already rolled out a formal cyber security strategy — with 43% saying their IT department is entirely responsible.

3% are in the process of implementing their strategy, and 6% have no formal strategy at all.

The financial services sector is the most diligent, having the most participants (60%) say their company has a thorough cyber security plan covering all areas of the business.

This leaves many organisations, including 40% of the financial services participants, dangerously vulnerable to attacks. The SOECS report gives several reasons for this, including human risk factors and tightening budgets. It’s not all doom and gloom, though, as many companies are making serious efforts to improve their cyber security and prevent criminal activity.

The state of email cyber crime in 2024.

Today, almost every organisation relies on its networks and digital infrastructure to function. These networks are by their nature connective and inevitably face cyber security threats, which explains why the World Economic Forum ranks cyber crime at number four in their Global Risks Report over the next two years. Combined with statistics from the SOECS report, it makes for uncomfortable reading:

  • According to the Deloitte Center for Controllership, just over 48% of C-Suite and other executives expect the number and size of cyber crimes to increase in the year ahead.
  • Cyber crime is expected to grow by over $2 trillion between 2023 and 2025, with each data breach costing an average $4.45 million.
  • In 2023, almost 6 billion electronic records were stolen.
  • Approximately 1 billion emails were exposed in 2023, affecting 1 in 5 internet users.

The biggest threats come from cyber criminals using email to target companies with threats such as:

  • Spoofing — which involves faking an identity through email, caller identity, website URL, or similar for the purposes of theft.
  • Phishing — a form of spoofing designed to entice unsuspecting users to reveal sensitive information by pretending to be representing a reputable company, such as Amazon or PayPal. Business Email Compromise (BEC), a particularly damaging form of phishing, nearly doubled in 2023.
  • Ransomware — cyber criminals block access to critical company data until a ransom is paid. Worryingly, 80% of respondents to the SOECS survey reported falling victim to this type of attack in the past year, and 75% admitted they were left with no alternative but to pay. Ransomware is the fastest growing type of email cyber crime — increasing by a whopping 95% between 2022 and 2023, with the average payout soaring 250% in the same period.

Cyber security challenges in financial services.

Threats from AI.

Business leaders now see sophisticated, AI-enabled, cyber attacks as their primary concern and are under pressure to increase their own AI investment to counter these threats.

This is because the rise in phishing and ransomware attacks is due, in large part, to the growing sophistication of AI tools, such as ChatGPT. 67% of survey respondents believe that an AI-generated attack on their organisation is imminent in the next few months.

Threats from collaboration apps.

Collaboration apps such as Teams and Slack are essential to the functioning of modern organisations. These apps combine communication, messaging, and project management functionalities into a unified platform for sharing information.

They also provide a tempting target for cyber criminals, with so much information passing through them.

69% of respondents expressed concerns about keeping up with the widening array of these apps being used inside their organisations. Moreover, they said that 59% of employees routinely download tools that have not been approved by their IT department, increasing the danger and taking us smoothly into the next big threat.

Threats from human error.

Human error and misuse have been a threat to organisations since well before the digital age. And with more and more employees working at home, our networks and connections are more common than ever. More than two-thirds surveyed admitted that employees are putting their organisation at risk through the misuse of email, social media, and careless web browsing.

Despite this, only slightly more than half of organisations offer regular cyber security awareness training. This leads to employees who are unable to recognise potential security threats, and cyber security policies that are not rigorously enforced.

Because 8% of a company’s users are responsible for 80% of security incidents, professional trainers have long advocated for consistent cyber security awareness training as a central tenet of a company’s cyber security strategy. This training must reach beyond a one-size-fits-all approach, focusing on employees displaying the riskiest behaviours.

Threats from under-resourcing.

While 97% of respondents praised senior management for their support, many also felt they had been hampered by low budgets, saying an average of 9% of the IT budget was spent on cyber security when it should have been closer to 12%.

In total, 36% admitted that not prioritising cyber security has led to serious deficiencies in their organisations’ defences. 40% said they’ve had to compromise on email and collaboration app security; 37% also said they’re unable to respond to threats as quickly as needed.

A full 86% believe they need to invest more in a cyber security strategy; the specific areas primed for investment are balanced between email security (45%), collaboration app security (44%), and AI (41%).

Despite the fact that 9 out of 10 participants surveyed have a cyber security strategy in place, cyber security threats are increasing and evolving at a rate that most organisations cannot keep up with. In fact, only 7% of respondents were confident their cyber security strategy provides them with as much protection as needed.

When asked whether their organisation saw cyber insurance, a form of liability cover to help cover financial loss, as a comprehensive safety net, 65% said they did not.

Email security in financial services.

The SOECS report showed that the majority of breaches at financial services companies were the direct result of email-based crime.

It’s an industry where customer loyalty is built on trust, and a single cyber security breach could lead to severe reputational damage along with heavy financial penalties. Robust cyber security policies are a must for the financial services sector and especially alternative investment firms.

It’s a complicated topic with a lot of options and tools. Fully protecting your business and clients can require in-depth knowledge and years of experience. Here are some steps that can be taken to avoid breaches:

  • Introduce enterprise-grade encryption to prevent unauthorised access or sharing of information.
  • Create and enforce granular policies around end-user controls, deny lists, and analytics.
  • Utilise smart software to combat phishing, ransomware, business email compromise, and other forms of malicious activity.
  • Introduce archiving capabilities that comply with regulators and the markets.

Choose a trusted financial services specialist MSP.

As an alternative investment or financial services firm, keeping your customers’ data secure whether in storage or in transit is fundamental to trading reputation. With highly sensitive information regularly communicated via email or collaboration apps, cyber criminals know this presents them with a unique opportunity to steal, misinform and threaten.

Tribeca has two decades of experience as an MSP and IT partner working with alternative investment and financial services companies. As experts in cyber security, we understand the threats, challenges and opportunities your business faces and can help you implement intelligent, robust cyber security policies. Protect against email crime as well as other malicious cyber threats with our full support.

If you need to upgrade your email cyber security, get in touch with us today.

London:

+44 (0)203 475 8733

New York:

+1 347 690 1190

Hong Kong:

+852 5808 4824

Dublin:

+353 1901 4077