Business Email Compromise (BEC) attacks happen more often than we would like to think. According to a global survey of security professionals by Statista, only 35% believe their organisation has not been on the receiving end of such attacks. Twenty-seven percent said they received between one and ten attacks in 2020.
But the real issue is not so much that an organisation is the target of such an attack as what happens after the attack slips past the organisation’s security measures and lands in a user’s inbox.
According to Barracuda researchers, it takes organisations on average a lengthy three and a half days (over 83 hours) from the moment an attack lands in users’ inboxes to the point where it is discovered and can finally be remediated.
They also found that an average organisation with 1,100 users will experience around 15 email security incidents per month, with around 10 employees being impacted by each phishing attack that manages to get through.
According to the report, 3% of employees will click on a link in a malicious email, exposing the entire organisation to attackers. Employees will also forward or reply to malicious messages, spreading attacks further within their companies or even externally.
Though these numbers may appear small, the report reveals that it takes only 16 minutes for users to click on a malicious link, and attackers need only one click or reply for an attack to succeed, underlining the need for fast investigation and remediation to keep organisations safe.
“There is no security solution that can prevent 100% of attacks, and end-users don’t always report suspicious emails due to lack of training or negligence, and when they do, the accuracy of reported messages is low, leading to wasted IT resources. Without an efficient incident response strategy, threats can often go undetected until it’s too late,” said Mark Lukie, systems engineer manager, Barracuda, Asia-Pacific.
The research also revealed that most organisations still rely on internal threat-hunting investigations launched by IT teams to identify email threats for post-delivery remediation (67.6%), with only 24% of threats being discovered via user-reported emails. A further 8.1% were discovered using community-sourced threat intelligence, and the remaining 0.4% through other sources such as automated or previously remediated incidents.
And while 29% of organisations regularly update their block lists to block messages from specific senders or geographies, only 5% update their web security to block access to malicious sites for the entire organisation, usually because of a lack of integration between incident response and web security.
Interestingly, Barracuda researchers found that organisations that train their users saw a 73% improvement in the accuracy of user-reported emails after only two training campaigns. Focused security training also dramatically shortened the time to remediation, while deploying automated remediation tools considerably increased an organisation’s ability to identify and remediate attacks automatically and in a timely manner.
Lukie warns that people will always be the first line of defence. He recommends continuous security awareness training, combined with a post-delivery threat-hunting tool or automated remediation and integrated email and web security. These measures can significantly reduce the time it takes to identify suspicious emails, remove them from all affected users’ inboxes, and automate the processes that bolster defences against future threats.
“In addition to sharing threat data from your organisation and tapping into data shared by others, this is going to be your best line of defence against post-delivery email threats,” he added.