The human cost of cybersecurity attacks
Wellbeing of security professionals also compromised
Email attacks are on the rise. Our recent global email security report, which surveyed 660 IT stakeholders at organisations around the world, discovered over the past year, 82% of organisations have faced an attempted email-based security threat. Moreover, 74% would describe email attacks’ impact on their organisation as significant.
In the aftermath of an email attack, the focus often centres around the resulting financial and reputational damage companies face. Its effect is usually measured by dollars and pounds.
Sometimes, it can be easy to forget cyber security’s human cost. However, a 2018 survey found people working in technology actually reported a 78% increase in mental-health related illness compared to the previous year. While it can be hard to pinpoint root causes, it’s hard to imagine the recent increase in cyber attacks has helped this issue.
Chris Ross is the SVP International at Barracuda Networks.
EMEA is suffering under the weight of email attacks
Given that, according to Verizon, 90% of cyber attacks enter via email, we wanted to investigate the effects of email attacks in particular on the wellbeing of IT teams. Interestingly, the impact of email threat attacks is bigger among organisations in the EMEA region.
The pressure starts as soon as emails are flagged as suspicious. EMEA IT teams receive far more suspicious emails than the global average (even though the majority of these turn out to be false alarms), with 7% receiving over 50 per day and a third (32%) receiving between six and 50 per day.
The time taken to identify and respond to email reports on this scale is taking its toll on IT teams’ productivity and stress levels. 81% admitted spending over 30 minutes investigating and remediating each email attack, while 47% spend over an hour.
Understandably, this has had a detrimental impact on stress and anxiety levels, with over a third - 38% - blaming email attacks for higher levels of stress felt at work. Senior IT leaders were most likely to suffer this impact.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Worse still, the pervasive effects of email attacks also affect IT professionals outside the workplace, with 38% worrying about email attacks outside of working hours and 16% cancelling personal plans due to an attack. Additional stress comes from the potential reputation damage that comes from successful attacks, which 32% admit is a concern.
And why is this particularly felt in the EMEA region? Well, organisations based here are most at risk to spear phishing attacks, with nearly half - 48% - of companies from the EMEA region falling victim to spear phishing attacks in the past year.
The impact of spear phishing attacks on the reputation of organisations in EMEA is much higher compared to other regions too; 39% of EMEA respondents reported damage to their reputation over the past year, compared to the global average of 27%.
Are email attacks your organisation’s Achilles heel?
A lack of faith in their company's security levels threatens to further reinforce IT professionals stress levels. Despite email being utilised by organisations since the 1990s, a massive 94% of respondents confessed that it is still the most vulnerable part of their company’s security posture. More than half - 52% - of EMEA respondents claimed that the security in their organisation is unlikely to have improved in the last year, compared to the global average of 63%.
This stress was compounded by a lack of security awareness training. 29% of respondents stated they received security training just once a year, with 7% claiming that they had never received training or that they weren’t sure.
Without adequate training proceedings, email attacks are destined to continue to succeed. Successful security requires a combination of innovative technology and effective training.
A brighter future
The stress and anxiety felt by IT teams is further compounded by the current cyber skills shortage. Not only are IT teams constantly on ‘red alert’, but they are also spread thinly, due to the demand for security professionals outstripping the supply.
The answer? Invest in your IT professionals and cyber security posture, and they will invest in you. Be it the right tools, the right training or more, it’s clear EMEA organisations have far to go to bridge the gap and turn their employees into an effective line of defence as part of a wider holistic email protection strategy.
Companies that invest in an email protection strategy that includes both technical solutions, such as automated incident response tools, as well as a regular and in-depth security awareness training, will benefit from a happier and more productive IT workforce.
Chris Ross is the SVP International at Barracuda Networks.
Chris Ross is the SVP International at Barracuda.
He is an internationally experienced GM and SVP for Sales and Marketing having held Executive-level roles for market-leading industry names and emerging technology companies both listed and private equity backed. His career began in sales management positions with enterprise software and storage companies where he quickly progressed to VP and GM (EMEA) and now he leads Barracuda Network’s business internationally. Other notable achievements include leading Powerquest Corp. through transformation to an Enterprise Solution Sales focused business and preparing it for sale to Symantec Corp. where I was retained as VP & GM; and at CA Technologies he was a key member of the management team that secured the private equity buy-out of Arcserve gaining invaluable experience of M&A strategy. He is able to conceptualise bold and ambitious opportunities where others may only see incremental growth. Moreover, as a passionate and driven “people person” he enjoys building high performing teams and rapidly scalable international business units and I can be equally operational and strategic. One of his proudest undertakings was driving the transformation of Wycombe District Swimming Club from an under-funded local club with 120 children to a nationally recognised “Top 10” club with best-in-class coaching and over 600 swimmers.