Over Half of Employees Don’t Adhere to Email Security Protocols


As many as 87 per cent of 280 decision makers have predicted email threats to increase in the coming year. This is according to a recent survey by Barracuda Networks. It was revealed in a blog post that many organisations are admitting to being rather unprepared when it comes to email security. In fact, 94 per cent admit that “email is still the most vulnerable part of organizations’ security postures”.

A rise in attacks

“Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department,” explained Chris Ross, senior vice-president of international sales at Barracuda. “What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.”

The blog continues, stating that employee training is yet to become a priority for many, with merely 29 per cent of respondents receiving the relevant training on an annual basis. What’s more, 7 per cent stated they have never received training or that they were unsure.

“The lack of training is clearly leaving employees either confused or unaware of security protocol, as over half (56%) stated that some employees do not adhere to security policies,” Ross continued. “Of those, 40% said their employees used a ‘workaround’ to do so, perhaps referring to shadow IT solutions and the issues they continue to cause in enterprise IT environments.

“Both of these issues could be solved by regular and in-depth employee security training,” he concluded.

Organisations have also seen cyber-attacks make their way through emails. According to the survey, 47 per cent were attacked by ransomware, 31 fell victim to a business email compromise attack, and a huge 75 per cent admitted to having been hit with brand impersonation. These statistics cover merely the last year. Barracuda also discovered that 83 per cent of all email attacks were focused on brand impersonation in its recent spear phishing report.

The good news is that organisations are beginning to take matters into their own hands. 38 per cent of them are increasing their security budgets next year, and 36 per cent intend to implement instant messaging applications such as Slack to reduce email traffic.

“This approach comes with a warning from us,” said Ross. “While we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks.

“Any organization going down this route should do so with care, as if we know anything about cyber-attackers, it’s that they’re always trying new ways to catch their victims out.”

Join us for ECS UK

Join us on 24th September for Whitehall Media’s 4th Enterprise Cyber Security conference where we bring together hundreds of cybersecurity and InfoSec specialists from both the public and private sector committed to protecting the largest organisations from a growing cyber threat. Covering secure systems, new threats and defences and the ways organisations can adapt to provide the best possible security for their customers and employees.