Researchers have determined that any harmful email stays in users’ inboxes for an average of 83 hours before it is either identified by a security team or reported by end users, at which point it is eventually remedied.
According to the findings of researchers at Barracuda, it takes more than three days for a potentially dangerous email to be identified.
For the purpose of this study, the researchers analysed the threat patterns and response procedures of 3,500 different organisations that made up the firms. They found that an average organisation with 1,100 users will experience approximately 15 email security incidents each month, and that on average 10 employees will be affected by each phishing attack that manages to get through. In addition, they found that an average organisation will experience around 15 email security incidents each month.
Additionally, it was observed that three percent of employees had the propensity to click on a link within a malicious email, which leaves the entire organisation vulnerable to cyberattacks.
According to the findings of the research, the vast majority of occurrences were uncovered by the IT team throughout the course of conducting internal threat hunting investigations.
According to the study, the investigations were started by using typical methods such as checking through message logs or doing keyword or sender searches of already delivered mail to look for suspicious activity.
In the meantime, the report stated that some of the incidents were caused by user-reported emails, while the remainder were found by using community-sourced threat intelligence, or through other sources such as automated or previously remediated incidents. In addition, the report stated that some of the incidents were discovered using community-sourced threat intelligence.
There is no security measure that can avert one hundred percent of potential threats. In a similar vein, end-users do not always report suspicious emails because of a lack of training or ignorance, and even when they do, the accuracy of the reported messages is low, which leads to wasted information technology expenditures. According to Murali Urs, Country Manager for India at Barracuda Networks, “Without an effective incident response strategy, threats can frequently go undetected until it is too late to do anything about them.”
“Providing users with consistent security awareness training is an excellent strategy to boost the reliability of the reports they submit. After only two training campaigns, firms that train their users will see a 73% improvement in the accuracy of user-reported email, according to study conducted by Barracuda. This information was included in the paper.
Published at : 28 Oct 2022 11:52 AM (IST)