New Study from ESG & IRONSCALES Shows Email as Primary Threat Vector Despite Increased Adoption of Collaboration Tools

Research highlights the importance of creating a security-aware culture on top of advanced detection and prevention technology

IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global enterprises, unveiled the findings of a new research report in collaboration with TechTarget’s Enterprise Strategy Group (ESG). The study, Tackling SaaS Communication and Collaboration Security Challenges: Trends and Strategies for Enterprises, investigates the awareness and capabilities of IT and cybersecurity professionals in countering emerging threats arising from the growing use of cloud-based communication and collaboration tools.

Many tools are being utilized throughout the enterprise to enhance collaboration and communication as employees continue to work remotely or hybrid, and the use of unsanctioned apps adds to the shadow IT problem, increasing potential security risks. Yet, despite the complex nature of managing a multitude of tools, email remains the top security concern (38%) and is still viewed as the most vulnerable communication and collaboration tool within the enterprise. The research conducted by ESG highlights that within the past year, phishing attacks (34%) and business email compromise (BEC) scams encompassing wire transfer fraud, payroll fraud, and payment fraud (26%) rank among the top threats that have successfully circumvented existing security measures.

Marketing Technology News: MarTech Interview with Humberto Farias, CEO at FanHero

“The good news is that organizations are focused on strengthening all communication and collaboration channels collectively, including email.”

“While most organizations are leveraging six or more tools for communication and collaboration, email tops the list by a wide margin as the channel considered most vulnerable to threat actors,” said Dave Gruber, Principal Analyst, ESG. “The good news is that organizations are focused on strengthening all communication and collaboration channels collectively, including email.”

The research further uncovers persistent gaps in email security controls, despite efforts to prioritize and invest in this area. Notably, nearly a quarter (23%) of respondents say that their current email security strategy lacks comprehensive security awareness training and assessments. Additionally, a quarter of respondents indicated consistent concern regarding inbound email attacks that evade and breach native security controls.

While many respondents will continue to rely on native security controls provided by their cloud email solution provider, more than a third (34%) report already implementing additional third-party security controls to address these gaps, with another 46% planning to do so in the next 12 months.

Marketing Technology News: AI isn’t Coming for Your Job, It’s Here to Make our Jobs Easier and Improve Our Business

“This research is highlighting the reality that there is only so much technology alone can do to protect against advanced phishing and BEC attacks,” said Audian Paxson, Director of Technical Product Marketing at IRONSCALES. “Native tooling can provide some useful table stakes, but stopping advanced phishing attacks requires a more sophisticated set of tooling. Enterprises are recognizing that to thwart emerging threats, especially those leveraging social engineering and AI, they need to complement their AI-powered email security solutions with collaborative human insights.”

The report underscores the continued importance of security fundamentals and best practices that all organizations should adhere to, such as regular assessments for shadow IT, defining clear responsibilities for security and management, and continual analysis of existing security stacks.

Brought to you by
For Sales, write to: contact@martechseries.com
Copyright © 2024 MarTech Series. All Rights Reserved.Privacy Policy
To repurpose or use any of the content or material on this and our sister sites, explicit written permission needs to be sought.