Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
Lax email security practices are prompting cyber leaders to take drastic action against staff who are duped by cyber criminals
Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new research, as cyber leaders begin taking a tougher stance amid a surge in attacks.
Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident in the past 12 months.
The acceleration of email-based security threats, researchers said, has cyber security leaders “stressed about risks” and has prompted practitioners to impose harsh consequences on staff who fall prey to attackers.
In particular, the report highlighted an increase in phishing attacks against organizations last year, with security leaders reporting a 10% surge in this attack method.
Human error was also pinpointed as a leading factor in many email security breaches, the report said.
Jack Chapman, VP of threat intelligence at Egress, said the study highlights the continued threats faced by firms worldwide and the increasingly sophisticated techniques employed by cyber criminals.
"Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration," he said.
"58% of organizations have experienced account takeover incidents in the last 12 months, and 79% of these started with a phishing email that harvested an employee’s credentials, so it’s no wonder that phishing attacks and compromised accounts are causing concern for our cyber security leaders."
Poor email security is prompting desperate measures
Bosses are now beginning to take a tougher stance on employees caught out by phishing attacks, the study found.
Just over half of employees caught out by phishing attacks were disciplined over the last year, Egress said, while four-in-ten were fired.
Around one-quarter left their roles voluntarily after falling victim to a phishing attack.
In outbound email incidents, two thirds of those affected were disciplined, let go, or chose to leave the organization.
The strict reaction from some cyber security leaders can, at least in part, be explained by the fact that email security breaches continue to have “far-reaching” consequences for businesses, Egress said.
Businesses typically incur significant financial losses in the wake of an incident, along with customer churn, the report said. Reputational damage was also a major issue experienced by affected organizations in both inbound and outbound incidents, it added.
Security leaders “kept awake at night” by AI risks
Nearly three-quarters (61%) of security leaders told Egress that the use of AI tools among cyber criminals has become a key concern in recent months.
This trend is expected to continue well into 2024 and beyond, the study said, with leaders expecting attackers to fine-tune their capabilities through these tools.
"The use of AI by cyber criminals is also at the front of our leaders’ minds, and rightly so," said Chapman.
"While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cyber criminals generally take every advantage they can get."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.