51% of surveyed IT administrators experienced a recent malware breach, emphasising the importance of employee education and multi anti-malware scanning.
LONDON, UK: OPSWAT has announced the results of a recent email security survey held in partnership with Red Earth Software, developers of email security solutions for Exchange Server.
The survey was completed by 146 IT Administrators at small to medium-sized businesses using Microsoft Exchange Server. They were asked various questions relating to email security.
The survey revealed that over 50% of the respondents experienced malware breaches in the past 18 months. Alarmingly, half of the companies surveyed declared that phishing emails managed to get past filters and trick employees.
Spam and malware were identified as the two top weakest links respondents had with their current email security solution. From the survey, OPSWAT was able to collect some key statistics on the email security practices of companies and expand on several identified issues.
· 51% of companies had malware get past their email filters in the last 18 months
· 50% of companies had employees that clicked on phishing links in the last 18 months
· 55% of respondents are ‘not certain’ or ‘not certain at all’ that their employees will not click on phishing links or malicious email attachments
· 39% of respondents use only one anti-malware engine
· 68% of companies do not use any form of email encryption
Internal training is essential, all levels of staff should be informed and made aware about IT Security and hopefully the aforementioned statistics will be significantly reduced.
“With the sheer number of new viruses introduced every day, it is not surprising that 51% of the respondents experienced a malware breach, particularly since 39% only utilized one anti-malware solution,” said Tony Berning, Product Manager for the Metascan product line at OPSWAT. “By using only one or two anti-virus engines, companies are exposing themselves to malware threats, since no anti-virus engine can be accurate 100% of the time.”
Why multi-scanning?
The majority of respondents from the OPSWAT survey were only using 1-2 antivirus engines to scan for potential threats. In addition, 51% of companies surveyed had malware get past their email filters in the last 18 months. When one anti-virus software doesn’t detect a threat, there is still a good chance that another engine will. Each anti-malware engine brings different capabilities to the table. Metascan’s multi-scanning technology leverages the power of over 40 antivirus engines to scan data entering an organization or sent internally. Metascan also provides file filtering capabilities and allows customers to sanitize potentially dangerous media by converting files and removing embedded malware.
Importance of email encryption
68% of the companies included in our survey did not use any form of email encryption. Email encryption may not seem like it is necessary, especially if a company feels like they have nothing to hide. Privacy isn’t about what you have to hide from the public; it’s what you have to lose.
The recent attack on Sony is a perfect example of how faulty email practices and the loss of private company data can come back to bite you. Email encryption works by using both a public key and a private key. The public key can be accessed by anyone and is used to encrypt email messages. The private key is kept secure by the email service used by a company or the IT department and is used to decrypt messages. Email encryption is mandatory for some organizations while others have not yet implemented the practice. If an organization does not utilize email encryption, their private information is vulnerable to attacks. Without encryption, anyone connected to a companies’ network can read messages, potentially exposing private company information.
What your employees don’t know can harm you .
It is remarkable that even with the abovementioned statistics; employees still hold a somewhat complacent attitude regarding email security. This indicated that companies must change their culture and ensure that training is an integral part of their infrastructure.
What would you most like to see improved in your current email security solution?
Nothing – 42%
More accurate spam filtering – 13%
Better quarantine and allow list management – 11%
Better message tracking – 6%
Improved anti-malware - 4%
Email content security features – 4%