Employee behaviour perceived as email security threat

The overwhelming majority of organisations in Australia and NZ (ANZ) rank poor employee behaviour as the greatest email security concern, according to a Barracuda Networks-sponsored survey. The survey has highlighted the need for organisations to include employee awareness and training as part of their email security strategy. The global study of more than 630 professionals responsible for IT security was conducted by Dimensional Research to better understand the email security approach of today’s organisations.

ANZ respondents indicated that their organisation would benefit from additional email security capabilities, with phishing simulation (55%), social engineering detection (58%), email encryption (65%) and data loss prevention (74%) leading the way in terms of capabilities valued. Meanwhile, 84% of respondents in Australia and New Zealand believed that poor employee behaviour was a greater email security concern than inadequate tools (16%).

All respondents from ANZ have good intentions and believe end-user training and awareness are important; however, only 84% provide training for their employees. It was also reported that larger organisations (over 1000 employees) are more likely to train their employees. When asked what approaches would work best, 61% of respondents from ANZ cited regularly scheduled modules that can be done at an employee’s convenience, followed by customised examples relevant to departments and roles (52%) and unscheduled simulations of typical attacks (42%).

In response, Barracuda expanded its PhishLine product portfolio with a streamlined edition for organisations with fewer than 1000 employees, tuned specifically for distribution through the reseller channel. PhishLine helps prevent email fraud, data loss and brand damage by training and testing employees to recognise highly targeted phishing attacks. It is now available in multiple versions to suit the needs of organisations of all sizes.

“As phishing attacks become increasingly stealthy and more targeted, our adversaries have shifted their focus from the largest organisations to smaller targets,” said Hatem Naguib, SVP and GM of Security at Barracuda. “Today’s announcement expands our PhishLine portfolio, by building on our enterprise-grade offering with a solution aimed specifically at simplicity and fast time to value, fit for today’s resource-constrained mid-sized businesses.”

According to Gartner, “Attack methods continually evolve to stay a step ahead of your security strategy. Therefore, it is paramount to train employees to be security-conscious, critical thinkers who can leverage their knowledge in new and changing situations.”

PhishLine uses a two-pronged approach to help users recognise the subtle clues that an email is not from the sender it claims to be from. First, computer-based training gives users a baseline understanding of the latest techniques attackers are using. Second, PhishLine embeds learning into business processes by launching customised simulations that test and reinforce good user behaviour. A large library of curated content means faster time to value, while rich reporting and analytics provide visibility.

Source: TechnologyDecisions.com.au