Both human and technical defences against email attachments inadequate

News by SC Staff

Conventional anti-virus and sandboxing solutions are no longer effective defences against malicious email attachments, but relying upon employees doesn't work for companies either.

Most office workers (58 percent of those surveyed) open email attachments from anyone, whether they know them or not, and if the emails are spoofed to appear as if they are from a known contact, then a whopping 83 percent always or usually open attachments, according to new research by Glasswall Solutions.

The report, which surveyed 1,000 employees at mid-to-large UK businesses, also found that 34 percent of the respondents said their business had been the victim of a cyber-attack, and 76 percent said they have received email attachments that were suspicious.

Greg Sim, CEO of Glasswall Solutions, issued commentary on the report, making the point that, “Employees need to trust their emails to get on with their work, but with 94 percent of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers.”

He adds, “Conventional anti-virus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom.”

The scale of attacks is not surprising considering that half of those surveyed (55 percent) reported sending or receiving at least 11 documents via email every working day, which gives attackers 2,585 opportunities for each employee every year[1].

Understandably, employees rely on their employer to provide protection for them, with 58 percent in the survey saying they would feel safer from cyber-crime if their employer had the right technology to protect them. But 20 percent of businesses had no policy on how to handle email attachments, or the respondents had not been made aware of it.

“Instead of relying on a failed combination of outdated anti-virus defences and the vigilance of their hard-pressed employees to protect them, businesses need innovative technology that stops all the threats in email attachments before they enter a network,” said Sim, echoing recent messages put out by the NCSC about the need to reduce the threats to which staff are exposed.

Sim adds, “But there is no excuse for complacency or defeatism – businesses need to implement the right technology and formulate an effective risk-policy in relation to email attachments. That way they will be back in control, instead of becoming yet another expensive, high-profile victim of hacking.”

Commentary provided with the report by Professor Andrew Martin, who leads several inter-disciplinary activities in cyber-security at the University of Oxford, notes how, “This research confirms anecdotal evidence that although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems.” Martin concludes, “Technology that's fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs.”

[1] Calculated on the basis of 52 weeks minus five weeks' holiday [47] multiplied by five working days = 235, multiplied by 11 docs = 2,585.