Two-thirds of infosec pros say they can’t defend email attacks: Study

Because it is one of the easiest ways to distribute malware, email is one of the biggest headaches for CISOs.

But a study released this week suggests almost two-thirds of infosec pros feel whatever they do or spend on email security isn’t enough.

The study, paid for by Mimecraft, a British cloud-based email security provider, showed 65 per cent of the 600 responding IT security decision makers don’t feel fully equipped and up-to-date to cope with the risks posed by email threats.

In fact half of the 123 managers with recent, direct experience of a breach think their organization’s email infrastructures are somewhat or much more vulnerable than they were just 12 months ago. This group were more than four times as likely to feel much more vulnerable than one year ago compared to those without that experience and nearly two times as likely to feel somewhat more vulnerable.

Even respondents who said their company spends at least 10 per cent of their security budget on cybersecurity weren’t confident.

In an interview Orlando Scott-Cowley, Mimecast’s cyber security strategist, admitted that a security professional shouldn’t be confident that any attack vector has been secured. But, he admitted “one of the biggest surprises is that even regardless of the budget spend on email security they still felt email was the way they were going to be breached, because I still felt there ought to be a level comfort people get from spending, certainly on a service like email.”

The fact that 65 per cent don’t feel fully equipped to fight email attacks “does surprise me that we’re still not entirely sure we’ve done a good job no matter how much we spend.”

The online survey covered 200 IT security professionals in the U.S. and in Britain, and 100 in South Africa and in Australia.

According to Symantec, about half of all email traffic around the world is spam. In July 2015 alone one in 1,628 emails were phishing attempts.

The survey also found — perhaps understandably — that respondents whose companies had been breached through email were more likely to use additional email safeguards such as intrusion prevention, email encryption gateway and email attachment sandboxing and over and above traditional anti-virus, anti-malware, and spam filter measures.

Finally, when asking about the email threat their organization was least-equipped to deal with, internal threats were number one (48 per cent), followed by mobile devices (34 per cent).

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now