Jason Howells explains how managed service providers can help businesses protect themselves from the growing risk of cyber attack
For all the innovations and advances in modern technology, email shows no sign of being replaced. Even with the rise of enterprise messaging tools such as Slack and Microsoft Teams, email retains an important role in how we communicate.
No wonder it continues to be a prime target for cyber criminals. When we recently polled 280 high-level EMEA IT decisionmakers about their email security measures, three quarters said they had seen an increase in email attacks against their organisation in the past three years.
In the last 12 months alone, 47% have experienced a ransomware attack, 31% have fallen victim to a business email compromise attack and 75% have suffered brand impersonation.
No organisation is too big or too small to find themselves in an attacker’s crosshairs, with small and medium-sized businesses (SMBs) making up 58% of all cybercrime victims, according to the Verizon 2018 Data Breach Report.
Email is under constant attack, in part because it is so vulnerable. Almost all of those we questioned (94%) admitted that their email security wasn’t up to scratch, often because of the actions of their own employees.
More than half (56%) say employees fail to adhere to correct security policies. In some cases, this is due to lack of awareness, with 29% receiving security awareness training just once a year and 7% receiving no security training whatsoever.
The human cost
In addition to the damage email attacks can do to a business, their increasing frequency and complexity are putting pressure on IT teams and affecting their well-being.
In a separate Barracuda survey of 660 global IT professionals, 38% cited an increase in cyber attacks as the chief reason for higher stress levels within and outside working hours. More than half (52%) doubted that their organisation would make improvements to email security in the next year.
Given the scale of the cyber threat, the high risk of human error and the potential damage to staff wellbeing, what can organisations do to protect themselves better?
MSPs can help spread the load
One option is to enlist the services of a Managed Services Provider (MSP). As attacks become increasingly sophisticated, an MSP makes it their duty to learn about, adapt to and keep up with the latest attacks. This is far beyond the capability of most organisations that don’t have the time or the money to keep their staff as informed as they should be.
Having a dedicated MSP also reduces stress and anxiety levels amongst IT staff who can now share the responsibility for email protection with a wider team of professionals. Suddenly, you’re no longer alone.
In the case of a successful attack, an MSP partner will be primed and ready for recovery. While your security team is likely to be overwhelmed, especially if it is their first experience of a successful attack, odds are that the MSP will have prior experience of such an event and be equipped to deal with it fast.
This is particularly beneficial to smaller organisations that might not have a team large enough to deal with an attack and would normally be forced to bring in staff from other departments to support them through the recovery process. Rather than waste time, money and manpower on the issue, working with an MSP means even the most sophisticated of attacks won’t keep you down for long.
Make an MSP your trusted partner and work safe in the knowledge that whatever email attacks you face, you won’t have to face the consequences alone.
Jason Howells is Director, International at Barracuda MSP, the MSP-dedicated business unit of Barracuda Networks. Barracuda MSP provides IT service providers with multi-layered defence against evolving security threats via a purpose-built MSP platform combining network, application and email security with reliable backup and recovery. Its solution portfolio includes hardware, software, virtual and cloud solutions, all managed from the ECHOplatform portal.
Data breaches a valuable learning experience
When next recruiting a cyber security leader, choose one who has suffered (and survived) a data breach, advises Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London.
A survey of 3,000 cyber security leaders for his High Alert study commissioned by Symantec suggests that experience of a breach reduces security leaders’ future workplace stress levels and makes it more likely that they will share their knowledge with peers.
He found that security professionals who have survived an avoidable breach are 24% less likely to report feeling ‘burnt out’; 20% less likely to feel indifferent about their work; 15% less likely to feel personally responsible for an incident that could have been avoided; 14% less likely to feel ‘set up for failure’; 14% more likely to share their learning experiences; and 14% less likely to think about quitting their job.
Darren Thomson, CTO of Symantec EMEA, said: “My advice to CEOs is to see a cyber professional with a breach on their CV as a strength, rather than a weakness. Clearly, it’s an incredible learning experience, but the positive impact on a candidate’s character is just as valuable – they’re less emotionally charged, better at dealing with pressure and more likely to mentor others.”