Transcription
REPORT2018 EMAIL SECURITY:TRENDS, CHALLENGES, AND BENCHMARKSA look at differences based on organization size,professional role, and email2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com
TABLE OF CONTENTINTRODUCTION01THREAT FREQUENCY02THREAT PREVALENCE04PREVENTION07REMEDIATION08OVERALL SATISFACTION09PRIORITIZING SECURITY INITIATIVES10SUMMARY11ABOUT THE PANEL12ABOUT GREATHORN142018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com
INTRODUCTIONIn an effort to understand the current stateof email security in terms of environments,threat prevalence, remediation frequency,Top three security priorities1ST2NDlandscape, GreatHorn conducted a surveyof 295 professionals, mostly (but not all) inIT roles, across a wide variety of industries.Collected in June 2018 through both onlineand offline sources, the data provides aunique window into the state of emailsecurity today.The panel’s diversity (panel details can befound at the end of this report) enabled usto explore how different characteristics (levelDataSecurityEmailSecurity48%49%Source: GreatHorn “2018 Email Security Benchmark”33.9%Lay peopledrastically different – and in some cases,surprisingly similar – trends.almost universally the top three securitypriorities, regardless of organization size orrole, with identity & access managementNetworkSecurity43%Who sees email threats intheir inboxes?a close fourth. But we also learned thattwo-thirds of people with limited or noinvolvement in email security say they don’tsee anything but spam in their inbox, whileonly 15.5 percent of people that do haveemail security involvement say the same – astaggering difference.Keep reading to learn more about ourfindings and how your organizationcompares to our sample group.of involvement in email security, companysize, email platform, etc.) correlated intodata security, and network security were3RDand importance within the wider securityFor example, we learned that email security,84.5%Email securityprofessionalsSource: GreatHorn “2018 Email Security Benchmark”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com01
THREAT FREQUENCY40%see email threatsin inboxes on aweekly basis.15.8%threats weekly – a total of 40 percent seeingemail threats at least weekly.When we separate our sample intopeople who are involved in some way in24.2%email security decisions (“email securityprofessionals”, representing 61 percent of10%20%30%40%Source: GreatHorn “2018 Email Security Benchmark”daily email threatsweekly email threatsour panel) from those who have limited orno involvement (“laypeople”, representing39 percent of our panel), we find a starkOn average, an organization hasthree security products in placeto combat email threats.difference in how frequently the respondentsLet’s start with some simple benchmarkingseeing email-based threats on at leastdata. Across our entire sample size, 15.8a weekly basis. In contrast, a greaterpercent of all respondents indicated that –percentage of email security professionalsdespite whatever email security measures(22.3%) report seeing daily threats, andthey have in place – they or their users seean additional 34 percent report weekly,email threats (categorized as impersonations,for a total of 56.3 percent seeing at leastwire transfer requests, W2 requests,weekly threats. These same email securitypayload attacks / malware, business servicesprofessionals also report an average of threespoofing, or credential theft) on a dailysecurity products deployed to protectbasis, with an additional 24.2 percent seeingtheir email.reported seeing email threats.Approximately 1 in 5 users (20.6%) reportLay PeopleEmail Security ProfessionalsSource: GreatHorn “2018 Email Security Benchmark”Compared with the averageuser, email security professionalsare 2.5x more likely to recallseeing email-based threats intheir inboxes on a weekly basis.2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com02
Not including spam, how often do you see email-based threats(i.e. phishing / spoofing, malware / viruses)?General Population15.8%Email SecurityProfessionalsLaypeople not involvedin Source: GreatHorn “2018 Email Security Benchmark”DailyWeeklyMonthlyLess often than monthlyNeverFor the purpose of our analysis, wecategorized someone as an email securityprofessional if they played one of thefollowing roles for email security: Final say on technical requirements Owns the budget Technical evaluator Sets overall security strategy (e.g. CISO) Business evaluator Investigates and recommends2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com03
THREAT PREVALENCE63.5% of email securityprofessionals seeimpersonation attackbypass their email securitytools and make it to the inbox.Source: GreatHorn “2018 Email Security Benchmark”We found consistent resultswhen we asked what kind ofthreats respondents see in theirinbox (i.e. those that don’t getpushed into quarantine). In thiscase, two-thirds (66.1%) oflaypeople reported nothingbut spam, but only 15.5percent of email securityprofessionals say the same.Overall, nearly half (45.8%) of all respondentsWhen breaking down the data by companyactively see executive, internal, or externalsize, we find the prevalence of threats to beimpersonations bypass their email securityroughly the same (within five percentagesolutions. As we narrow our focus topoints), with smaller companies (defined asemail security professionals (whose jobfewer than 500 employees) seeing slightlyresponsibilities make them more acutelyhigher incidence of wire transfer requestsaware of such incidents), we find that(42.6% vs 36.1%), payload / malware attacks63.5 percent of this population reports(36.1% vs. 31.1%), and credential theft scamsimpersonations. Business services spoofing(37.7% vs 31.9%). Meanwhile, companieswas the second most prevalent threat inwith more than 500 employees were morethis group (42%), followed by wire transferslikely to see executive impersonations (65.5%(38.7%), credential theft (34.3%), andvs 59%) and W2 scams (22.7% vs 18%).payload / malware (33.1%).2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com04
Which of the following types of email doyou / your users see in your inboxes(NOT what gets quarantined)? (Select all that apply)Email security professionalsLay peopleImpersonation of an executive, other internal employee, or external person(e.g. business partner, customer, vendor, etc)63.5%just the sophisticated and personalizedphishing attacks that make it through emailsecurity filters. One-third of email securityprofessionals report that payload attacks(e.g. malicious / suspicious attachmentsor links) – despite being the threats mostheavily guarded against – are still making it17.5%through their cybersecurity defenses.Business services spoofing (e.g. DocuSign, ADP, UPS)Not surprisingly, people who indicatedthemselves as “dissatisfied” or “very20.2%42%As you can see in the above graph, it’s notdissatisfied” with their email security solutionWire transfer requestwere much more likely to see threats reachinboxes, with two-thirds reporting business5.3%38.7%services spoofing, 57 percent seeingCredential theft (e.g. sending you to a fake login page)12.3%34.3%payload-based threats, 57 percent credentialtheft, and an astonishing 76 percent seeingimpersonations.Payload attacks (e.g. malicious / suspicious attachments or links)33.1%12.3%W2 or confidential information requests21.5%7%None of the above or Nothing but Spam15.5%66.1%Source: GreatHorn “2018 Email Security Benchmark”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com05
There was minimal correlation betweenHowever, when we look at this by role, weMeanwhile those that indicate that theythe prevalence of a given type of attackfind that more technical decision makers“set the overall security strategy for ourand the importance assigned to it. Whenand budget owners (32%) worry “the most”organization” are disproportionatelyasked “Which email-based threat worriesabout credential theft compared to theirconcerned most about payload attacksyou the most?”, email security professionalspeers, though for technical decision makers,(33.9% vs the average of 22.5%).consistently ranked three threats at thethe most popular number one worry remainstop, regardless of organization size:impersonations at 35.1 percent.impersonations (28.8%), credential theft(24.7%), payload-based attacks (22.5%).Which email-based threat worries you the most?None of the aboveSpam / Gray mail6.2%Impersonation (ofexecutive, internalemployee,partner, customer,vendor, etc.)6.2%Source: GreatHorn “2018 Email Security Benchmark”Business servicesspoofing (e.g.DocuSign, ADP, UPS)%5.6.7%2876%of “dissatisfied”respondentssee impersonation attacks hituser inboxesWire transfer requestsW2 or confidential information2.9% requests / DLP / Others3.4%In contrast, data loss prevention wasconsistently the least cause of concern(0.6%), followed by W2 or confidential.5respondents expressed that they had no22information requests (1.7%). 3.4 percent ofPayload attacks (e.g.malicious / suspiciousattachments or links)%concerns about any email-based threats.2%4.7Credential theft(e.g. sending outa fake login page)Source: GreatHorn “2018 Email Security Benchmark”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com06
PREVENTIONWhat strategies / technology do you use to guard against email threats?Native platform features(such as those in G-Suite & Office 365)55.4%User awareness & training(e.g. annual training, workshops, Cofense, KnowBe4, etc.)55.4%FirewallsSource: GreatHorn “2018 Email Security Benchmark”However, when we compare different groups54.3%Secure Email Gateway(e.g. Mimecast, Proofpoint, Barracuda,etc.)against their usage of specific strategies,we find some more remarkable differences.53.1%Stand-alone anti-virus / anti-spam solutionFor example, more than three-quarters(77%) of on-premises companies use secure48.0%Add-on platform features (e.g. Advanced ThreatProtection, Exchange Online Protection, etc.)email gateways compared to just 41 percentof cloud-email companies. On-premises37.7%companies were also far more likely to usestand-alone anti-virus / anti-spam solutions1.1% Nothing(57.4% vs 43.8%), user awareness & training(63.9% vs 51.8%), and firewalls (60.7%3.4% Other10%Source: GreatHorn “2018 Email Security Benchmark”On-premises companies are1.9x more likely to use asecure email gateway than acompany that uses cloud email.vs. 51.8%) than cloud-email companies.20%30%40%50%Meanwhile cloud-email companies were far60%On average, small companies andmore likely (22.3%) to either use “nothing”,cloud-based companies had slightly fewerjust “native cloud-email features”, oremail security countermeasures in place than“other”, compared to on-premisestheir enterprise and on-premises peers, butorganizations (8.2%). Details on the “Other”the difference was slight (average of 2.85,indicate a variety of options, such as2.96, 3.19, and 3.30 products / servicesenvironmental segregation (on-prem) andrespectively).newer cloud-native email security products.2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com07
REMEDIATIONIn addition to understanding the frequencyand type of threats organizations see, weasked them how often such threats requiredirect remediation such as suspendingcompromised accounts, PowerShell scripts,resetting compromised third-party accounts,board-level notifications of compromise, etc.On average, one in five respondents need totake such remediation actions on at least aweekly basis. An additional 20 percent needto do so at least monthly. Not surprisingly,the more often they reported seeing threats1 in 5respondentshave totake a direct remediationaction weekly due to anemail threat.in their inboxes, the more likely they were torequire daily or weekly remediation. Of therespondents who see threats reach inboxeson a daily basis, 40.9 percent of them haveto take remediation actions on at least aweekly basis.Source: GreatHorn “2018 Email Security Benchmark”Change that very slightly to look atrespondents who report threats weekly, andthe weekly remediation percentage dropsdown to 28.6 percent.2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com08
OVERALL SATISFACTIONOverall, almost half (46.1%) of allrespondents reported themselves lessthan “satisfied” with their current emailsecurity solution, and only 10.1% were“very satisfied.” Roughly a third (34.3%)indicated that their solution was just “goodSenior roles were more“dissatisfied” or “verydissatisfied” by their emailsecurity solution. (19.7% vs 11.8%)Source: GreatHorn “2018 Email Security Benchmark”enough.” These percentages held roughlytrue regardless of which email platform theywere using (i.e. Outlook 365/G Suite vs.on-premises), within 3-4 percentage points.Interestingly, however, when broken out byrole, the more senior roles (technical decisionmaker, budget owner, and CISO), weremuch more likely to be either “dissatisfied”or “very dissatisfied” by their email securitysolution (19.7% compared to 11.8%in general).2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com09
PRIORITIZING SECURITY INITIATIVESMore CISOs considered emailsecurity to be a top 3 criticalsecurity initiative than anyother security initiative.Across the entirety of the panel, morepeople (48.7%) selected email security as atop 3 security initiative than any other. Thiswas particularly true of respondents who “setthe security strategy” for their organization(e.g. the CISO role), who overwhelminglyselected email security as the top priority,DataSecurity39.7%54.4%a top three initiative, with the next closestbeing data security and identity and accessIAM39.7%Source: GreatHorn “2018 Email Security Benchmark”Finally, we wanted to understand theimportance of email security within thebroader security landscape. We presentedrespondents with 11 different securityinitiatives and asked them to select thethree most critical to the security of theirorganization.management tied for second at39.7 n fact, no matter how we looked at thedata, email security consistently landedin the top 3, followed typically by data20.6%17.6%APPsecurity (47.9% in the general population)and network security (43.1%), though IAM19.5%19.1%Fraudwas a close fourth at 40.1 percent (andoften, as indicated in the CISO roles, thethird priority). Even respondents that had noinvolvement in email security considered it atop three th 54.4 percent putting email security leSecurity10.9%20.6%SIEMSource: GreatHorn “2018 Email Security Benchmark”GeneralPopulationI Set the SecurityStrategy2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com10
SUMMARY65% highlighted fundamentaltechnical issues with theirexisting email security solution.Source: GreatHorn “2018 Email Security Benchmark”It’s clear from our survey that email securityremains both a top priority and a securityhole for organizations. According to Verizon’stheir solution. When asked, “Which of theIn the interest of keeping this benchmarkfollowing are problems for you despitefactual, the authors of this report willyour current email security solution? (Selectconstrain additional analysis to our blogall that apply)”, 64.6% of all respondents(www.greathorn.com/blog). Check it outindicated fundamental issues with theirto find out what we think of our findings,solution (this percentage rose to 71.3%see additional cuts of the data, and leavewhen evaluating just users that ranked emailcomments to give us your view.security as a top 3 initiative): 34.8% report that their current solution2018 Data Breach Investigations Report, one“Doesn’t stop internal threats (e.g. if ain 25 people will click on or respond to anyuser account is compromised)”given phishing attack, and only 17 percentof phishing attacks are reported. If you (e.g. malicious attachments and/or links)”consider then that 40 percent of the generalpopulation sees email threats on at least aweekly basis, the chances for exposure are engineering)”leaders clearly recognize the severity of this the top priority among all security initiatives.Of the respondents that ranked email20.2% report “Missing payload-freeattacks (e.g. impersonations, socialhigh. Our data shows that senior securitythreat given their ranking of email security as16.3% report “Missing payload attacks19.1% report “Weak (or no) remediationcapabilities if something gets through” 20.8% express concern that their solutionsecurity as a top 3 initiative, nearly half“Negatively impacts business operations(48.9%) were less than “satisfied” with(e.g. too many false positives)”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com11
ABOUT THE PANELThis survey of 295 professionals, mostly (butnot all) in IT roles was gathered throughboth offline sources (Gartner Security & RiskRespondents by role (multiple answers allowed)Management Summit) as well as online (twoseparate panels, one more security focusedand one IT focused, from two different31%Decision Makerssources). Respondents were predominantlyBudget Ownersfrom North America.Involvement in email security26%Technology Evaluators38%No involvementin email security37%Sets Overall Security Strategy39%Business Evaluators28%Investigate and make recommendations53%61%No involvement in email securityEmail securityprofessionalsSource: GreatHorn “2018 Email Security Benchmark”39%n 295Source: GreatHorn “2018 Email Security Benchmark”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com12
Email platform (Over 60% using cloud email)Company Size25%23.2%21.5%BothG suite andOffice 3651.1%19.9%20%18.7%15.0%15%38.7%On-premises& Office 3651.1%10.1%10%7.1%6.0%On-premises(e.g.)Source: GreatHorn “2018 Email Security Benchmark” 10,0005,001 - 10,0002,501 - 5,000101 - 50021 - 100On-premises with plans tomove to a cloud platform4.3%1 - 2033.3%501 - 2,5005%Source: GreatHorn “2018 Email Security Benchmark”2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com13
ABOUT GREATHORNGreatHorn protects Office 365 and GSuite customers from today’s sophisticatedemail threats by automating detection,remediation, and post-delivery incidentresponse. By combining deep relationshipanalytics with continuously evolving userand organizational profiling, GreatHorn’scloud-native email security platformprovides adaptive, anomaly-based threatdetection that secures email from malware,ransomware, executive impersonations,credential theft attempts, businessservices spoofing, and other socialengineering-based phishing attacks.More information is available atwww.greathorn.com2018 EMAIL SECURITY: Trends, Challenges, and Benchmarks www.greathorn.com14
2018 EMAIL SECURIT Trends, Challenges, and Benchmarks www.greathorn.com REPORT 2018 EMAIL SECURITY: TRENDS, CHALLENGES, AND BENCHMARKS . Secure Email Gateway (e.g. Mimecast, Proofpoint, Barracuda,etc.) 53.1% Stand-alone anti-virus / anti-spam solution 48.0% Native platform features
