Mimecast Limited

04/16/2024 | News release | Distributed by Public on 04/16/2024 13:50

Human Risk and AI in the State of Email and Collaboration Security

The rising need to address human risk management and security awareness training among users across the organization provides the backdrop for Mimecast's recently released The State of Email & Collaboration Security 2024 (SOECS 2024) report. Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.

This year's findings confirm that human risk is today's biggest cybersecurity gap and remains largely unaddressed. Meanwhile, email remains the number-one attack vector for cybercriminals, and phishing attacks remain the top threat to email users.

A key reason for the accelerated spread of phishing and ransomware is the emergence of generative AI, which makes it easier for threat actors to perpetrate successful attacks by better mimicking real emails. Generative AI eliminates many of the grammatical and spelling errors that were once easily spotted red flags in malicious emails.

This eighth annual study - expanded for 2024 to include the risks associated with collaboration tools - is heartening, however, as it demonstrates a dramatic rise in cyber preparedness among businesses worldwide.

Human Risk

Nearly three-quarters (74 percent) of those surveyed for the Mimecast SOECS 2024 report state their cyber breaches are caused by human factors - errors, stolen credentials, misuse of access privileges or social engineering.

Additionally, 75 percent of SOECS 2024 respondents say their company is at risk of inadvertent data leaks by careless or negligent employees. More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. Yet, only 15 percent of companies provide cyber awareness training to their employees on an ongoing basis.

Email and Phishing Attacks

Email remains the number-one attack vector for cybercriminals, and phishing attacks remain the top threat to email users. 41 percent of SOECS 2024 participants experienced more email-based threats in the past 12 months, and 38 percent see the growing sophistication of these attacks as their biggest email security challenge in 2024. Eight out of 10 companies have been the victims of ransomware, while 75 percent state they paid the ransom.

Spending Constraints

SOECS 2024 respondents also shared that on average, 9 percent of their organization's IT budget is allocated to cybersecurity vs. the 12 percent they'd like to see allocated for cyber preparedness. These spending constraints mean that more than one-third (35 percent) say they have been blocked from investing in cybersecurity solutions apart from those provided by Microsoft 365.

Microsoft 365

Protections provided by the Microsoft software suite have significant limitations without the use of additional non-native security tools. One-third of respondents say M365's native security protections were unable to prevent malware (37 percent), spam (33 percent), or phishing (33 percent) attacks. And 32 percent said that, by themselves, the M365 security apps couldn't block business email compromise and spoofing attacks against their company.

Generative AI

80 percent of those surveyed are concerned about new threats posed by AI. Yet, a large majority (86 percent) believe they will be able to respond to an AI-spawned attack as readily as any other incursion.

Collaboration Tools

Bad actors are taking advantage of the rapid spread of, and growing reliance on, collaborative software, which expands an organization's attack surface. 70 percent of survey respondents say collaboration tools pose urgent new threats. 69 percent think it is likely, extremely likely, or even inevitable that their company will be harmed by a collaboration tool-based attack. Despite the dangers, more than one-third (37 percent) of respondents say their companies are only relying on the native security protections included in their collaborative software.

The Bottom Line

While many challenges persist and funding shortfalls remain an issue, cyber preparedness is a glimmer of hope for cybersecurity professionals. Organizations need to evolve continually and must bring human risk management to the forefront of their efforts. For a complete, in-depth breakdown of the topics discussed here, read Mimecast's The State of Email & Collaboration Security 2024 report.