[BreachExchange] 2017: The Year of Email Data Breaches

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 25 19:01:01 EST 2018


https://www.infosecurity-magazine.com/opinions/2017-email-data-breaches/

With emails forming the main artery of communication in most
organizations, it is perhaps not surprising that email data breaches were
the main cause of critical data loss in financial, legal and professional
firms in the UK in 2017.

Emails ending up in the wrong hands can have devastating effects on a
company. Such a mistake can have huge ramifications ranging from client
data being compromised, to major reputational damage or direct financial
loss. With mainstream media coverage of these data breaches becoming a
regular occurrence, and drastic changes in regulation just around the
corner, email security is now more important than ever.

Specifically, misaddressed emails are the prime example of such enterprise
communication security breaches. The threat around misaddressed emails is
particularly alarming (it was the biggest form of data loss as reported by
the ICO in 2017) and it’s only becoming more problematic (there was a
further 27% increase in data sent by email to the wrong person in 2017).

It’s human nature to fear the shark when we go swimming, but it’s crossing
the road - an activity we do daily almost without thinking - that is much
more likely to kill you. There is currently an obsession with the detection
of attacks caused by malicious external parties, but the most common data
security incidents reported to the ICO this year are all linked to human
error from within a business.

The problem with data breaches that result from human error is that they’re
unintentional, and therefore harder to prevent, yet the consequences can be
just as catastrophic as an external hack.

As of May next year, UK businesses will be faced with the reality of
serious financial penalties for such breaches in data privacy when GDPR
legislation comes into effect. With this in mind, companies now need to
have an enterprise communication security strategy in place to prevent
their number one risk of data loss: misaddressed emails.

A strong enterprise communication security strategy will prevent data loss
before it occurs via email or any other communication platform, and not
simply report a loss after it has already happened. Cyber security
solutions that use machine learning to analyze employee behavior and
intervene to stop a breach are the most effective tech solutions. For
enterprise businesses that operate on a large scale with huge numbers of
employees, it is also imperative to implement firm-wide staff training on
email security best practice and security tips to create a unified defense
against data loss.

As we observed in 2017, data breaches are an ever-evolving threat. Keeping
your employees aware of these threats by consistent training and efforts to
raise awareness is also a key aspect of an enterprise communication
strategy.

There is a preconceived notion within information security that to keep
data secure you must make it impossible for outsiders to get in; however,
most organizations are significantly unprepared to deal with the huge
problem of data loss through human error.

According to research by IBM, 95% of all security incidents involved human
error. Email is the main artery of communication for any firm, be it
financial or legal, as it provides many benefits like speed, clarity and
ubiquity, but these benefits are also the attributes that make it such a
big threat to a company, its employees and its data.

It is important to look at security processes from an internal point of
view and look to improve them by investing in people with security
awareness training sessions and tools utilizing cutting-edge technology
which will automatically detect and prevent human errors being made.
Companies will then be in a position to use this technology to their
advantage and safeguard for the future.

UK companies are realizing the importance of investing in cyber security
technology not just to prevent, but also to detect and report, any emails
that could have been sent to the wrong person. Given the current climate
and impending changes to UK data law, having control and peace of mind that
confidential client data will remain confidential is a critical priority
for all businesses in 2018.