New Study from ESG & IRONSCALES Shows Email as Primary Threat Vector Despite Increased Adoption of Collaboration Tools
June 2023 by IRONSCALES
Research highlights the importance of creating a security-aware culture on top of advanced detection and prevention technology
IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global enterprises, unveiled the findings of a new research report in collaboration with TechTarget’s Enterprise Strategy Group (ESG). The study, Tackling SaaS Communication and Collaboration Security Challenges: Trends and Strategies for Enterprises, investigates the awareness and capabilities of IT and cybersecurity professionals in countering emerging threats arising from the growing use of cloud-based communication and collaboration tools.
Many tools are being utilized throughout the enterprise to enhance collaboration and communication as employees continue to work remotely or hybrid, and the use of unsanctioned apps adds to the shadow IT problem, increasing potential security risks. Yet, despite the complex nature of managing a multitude of tools, email remains the top security concern (38%) and is still viewed as the most vulnerable communication and collaboration tool within the enterprise. The research conducted by ESG highlights that within the past year, phishing attacks (34%) and business email compromise (BEC) scams encompassing wire transfer fraud, payroll fraud, and payment fraud (26%) rank among the top threats that have successfully circumvented existing security measures.
"While most organizations are leveraging six or more tools for communication and collaboration, email tops the list by a wide margin as the channel considered most vulnerable to threat actors," said Dave Gruber, Principal Analyst, ESG. "The good news is that organizations are focused on strengthening all communication and collaboration channels collectively, including email."
The research further uncovers persistent gaps in email security controls, despite efforts to prioritize and invest in this area. Notably, nearly a quarter (23%) of respondents say that their current email security strategy lacks comprehensive security awareness training and assessments. Additionally, a quarter of respondents indicated consistent concern regarding inbound email attacks that evade and breach native security controls.
While many respondents will continue to rely on native security controls provided by their cloud email solution provider, more than a third (34%) report already implementing additional third-party security controls to address these gaps, with another 46% planning to do so in the next 12 months.
"This research is highlighting the reality that there is only so much technology alone can do to protect against advanced phishing and BEC attacks," said Audian Paxson, Director of Technical Product Marketing at IRONSCALES. "Native tooling can provide some useful table stakes, but stopping advanced phishing attacks requires a more sophisticated set of tooling. Enterprises are recognizing that to thwart emerging threats, especially those leveraging social engineering and AI, they need to complement their AI-powered email security solutions with collaborative human insights."
The report underscores the continued importance of security fundamentals and best practices that all organizations should adhere to, such as regular assessments for shadow IT, defining clear responsibilities for security and management, and continual analysis of existing security stacks.
Nearly 500 IT and cybersecurity professionals from private- and public-sector organizations throughout the U.S. and Western Europe were surveyed in early 2023 for this report.