A recent survey conducted on 538 IT leaders has revealed 93% have experienced a data breach as a result of an email error, with 70% believing the move to remote working has increased the risk of outbound email breaches of sensitive data.
The research was conducted by email security firm Egress and highlights the risk associated with outbound email and why it is important to implement an email security solution capable of scanning outbound email to detect intentional and unintentional email data breaches. Many companies have implemented data loss prevention solutions, but traditional DLP solutions are not capable of detecting email data breaches in outbound email.
“Organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake,” said Tony Pepper, CEO Egress.
When asked what type of email breaches had been experienced, the most common breaches were responses to spear phishing emails, the sending of incorrect email attachments, and sending emails containing sensitive data to an incorrect recipient. Organizations represented in the survey reported an average of 180 incidents a year where sensitive data had been put at risk, which is one incident every 12 hours.
During the COVID-19 pandemic, many workers have been working remotely from their own homes. As a result of the change in working practices, more outbound emails are now being sent and that increases risk. 94% of respondents said they had seen an increase in outbound email during the COVID-19 pandemic, with 68% saying outbound email volume had increased by between 26% and 75%.
Home workers may report being more productive working from home than they are in the office, but it can be much easier for mistakes to be made than when in the office, and harder for security teams to detect errors, deliberate data theft, and well-intentioned but risky email practices. When asked about the cause of the most serious breach in the past 12 months, the most common cited factor was a worker being tired or stressed, with the second most common factor being home working.
The study revealed 76% of breaches were due to intentional exfiltration of data by employees, which is a mix of employees sending data to personal webmail accounts with malicious intent and those that do so to work more efficiently.
Many businesses do not have IT solutions in place capable of detecting and blocking outbound emails containing sensitive data. 63% of respondents said they relied on manual processes to detect these incidents, with 24% saying the employee who made a mistake owned up and reported the error to the IT department.
“Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organizations are experiencing 10-times the number of incidents than they are aware of,” said Pepper. “It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place.”