Your employees are your biggest vulnerability. Often, these are genuine mistakes: people accidentally falling for phishing attacks or mistakenly leaking data. Occasionally, employees also intentionally break the rules.
Regardless of their intent, individuals create risk every day for your business — while simply doing their jobs. In fact, research finds 83% of organizations experienced a serious incident caused by human error. The 2021 Egress Insider Data Breach Survey also finds 73% of enterprises have been victims of phishing.
“As the pandemic sent most people into remote-work environments, employees have increased their reliance on email communication to get jobs done ,” said Egress CEO Tony Pepper. “Unfortunately, it is also a risky means of communication because so many mistakes are made using email.”
Phishing in particular is a massive problem when it comes to email security. Various research reports have found that up to 3 billion phishing emails are sent every day. And the criminals that craft phishing lures continue to evolve their techniques to become more convincing.
Business Email Compromise (BEC) attacks are also on the upswing as spear-phishing hackers find ways to target executives and develop convincing messages that persuade individuals to click or download malicious software. Once in corporate systems, criminals can move around, steal data and wreak havoc through attacks, such as those that use ransomware to lock up machines.
Getting Out in Front of Human-Activated Risks
A modern security strategy and tools are critical today to help organizations get in front of this ever-present challenge. That’s why security leaders are looking to intelligent security software to eliminate insider risk. For inbound attacks on email, solutions must take a zero-trust approach that uses machine learning and natural language processing to analyze the content and context of every email. This ensures risks are detected even when legitimate supplier email accounts are used to launch attacks.
To prevent outbound data loss, contextual machine learning and social graph technologies should be used to deeply understand each user’s behaviors, detecting when they’re about to leak data — either accidentally or intentionally — then alert them to correct their mistake or block content sharing altogether.
With these kinds of intuitive alerts, intelligent technology removes friction so that employees won’t ignore security policies simply because they are too cumbersome. With an invisible but ever-present layer of security, employees stay productive and secure.
Egress can help you get in front of risky behavior and stop phising attacks and data loss before they turn into security incidents. Download the Insider Data Breach Survey to find out how people create risk and what you can do about it.
Next read this: