Egress: Outbound Email Data Breaches Escalate During COVID-19

The switch to remote work has increased the amount of outbound emails, and therefore the volume of outbound email data breaches.

That’s according to a new report by London-based Egress. Arlington Research, on behalf of Egress, interviewed 538 senior managers responsible for IT security. Verticals include financial services, health care, banking and legal in the United States and United Kingdom.

Almost all (93%) of the IT leaders said their organization has suffered data breaches through outbound email in the last year.

Surprising Findings

Tony Pepper, Egress‘ CEO, said the frequency of outbound email data breaches is surprising.

Egress’ Tony Pepper

“When we average it out, organizations experienced 180 incidents in the last 12 months, which works out to one every 12 working hours,” he said. “That’s not a risk that can be ignored. And there’s no one leading cause. Across the board, people put data at risk by adding the wrong recipient or attaching the wrong document as frequently as they replied to a spear phishing attack.”

Plus, email breach risk is amplified by tired and stressed employees, and remote working, Pepper said.

“Finally, and probably the most alarming issue the report raises, is probably actually even worse than we know,” he said. “Sixty-two percent of CISOs rely on people to tell them about email security incidents, relying on a combination of sender, recipient and colleagues to report breaches. This is concerning because, first, the people involved have to recognize that an incident has occurred. And second, they then have to be willing to report it. Behavioral psychology shows us that people won’t always tell you when this has happened. As a result, we’re probably only seeing the tip of the iceberg of this issue for most organizations.”

Most Common Attacks

The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); and incorrect file attachments (80%).

Just about every (94%) organization has seen outbound email volume increase during COVID-19. And two in three (68%) say they have seen increases of between 26% and 75%.

In terms of the impact of the most serious breach incident at an individual level:

• Almost one-half (46%) of responsible employees get a formal warning.
• More than one in four (28%) are fired.
• Another one in four (27%) face legal action.

At an organizational level, one in three (33%) said it caused financial damage and more than one-quarter said it had led to an investigation by a regulatory body.

Organizations need to move outbound email data breaches to the top of the security priority list, Pepper said. They also need to invest in the technology that will actually solve this problem.

“Because everyone in every organization uses email every day, it really takes contextual [machine learning] technology to ensure the right email is going to the right recipient, without blocking people’s day-to-day productivity as they use email to communicate,” he said. “This is more important than ever, with remote and flexible working at an all-time high. In fact, one in two organizations have experienced over 50% more outbound email traffic since the start of the COVID-19 pandemic — and with more email, there’s more risk of a breach.”

Channel Can Help

One in six (16%) of those surveyed had no technology in place to protect data shared by outbound email. And where technology is deployed, adoption is patchy.

MSSPs and other cybersecurity providers can help, Pepper said.

“I think there are two main ways, really,” he said. “The first is partnering with the right vendor who can solve this problem, so you have a solution in your partner tech stack that you can offer to organizations that need to mitigate this risk. And then second, it’s about talking to customers about the problem — helping them to identify and measure the risk in their business. And by genuinely quantifying it, you help your security buyers build business cases that at an organizational level the customer is galvanized into acting on because they won’t be able to ignore or deprioritize the seriousness of this threat.”