Email security

Can Users Be Trusted to Skirt Hackers’ Lures?

Credit: Getty Images

Some 75% of IT and security professionals use a secure email gateway server to monitor and manage emails on a corporate network yet the most common fortifications assume human error will still open the door to malware attacks, according to new research.

Conducted by CyberRisk Alliance (CRA), the study found that multifactor authentication (MFA) and corporate insistence on strong passwords underlie the “most common endpoint security methods.” Note, CRA is the parent company of MSSP Alert.

CRA’s August 2023 Cybersecurity Buyer Intelligence survey of 200 security and IT leaders and executives, practitioners, administrators and compliance professionals concluded that deploying a secure email gateway server isn’t enough to guarantee network email security.

In other words, the disconnect is a conundrum for employers. The study’s results concluded that a secure email gateway server doesn’t preclude the certainty among IT and security professionals that employees will still, albeit unintentionally, misstep into a hacker’s trap.

3 of 5 Compromised

Here are some additional findings from the report: (per CRA)

  • Three out of five respondents admitted to one or more compromised endpoints in the last year. That’s a lot of compromise, considering 63% reported having 1,000 or more endpoints on their network. Desktops, mobile devices (like laptops and tablets), and servers were the most common targets of these attacks.
  • 59% of respondents are confident that at least three quarters of their endpoints receive monitoring around the clock. That means a huge proportion of devices are essentially being left either operating off the grid or receiving only periodic attention.

  • Endpoint security prioritizes securing end users from their own behaviors. MFA, strong password enforcement, and security awareness training are the most common tactics used for endpoint security. Many respondents employ an EDR or EPP tool in their endpoint security strategy, but more than a third plan to incorporate an AI or machine learning-based approach to their strategy in 2024.
  • Employee negligence and user carelessness is still considered the top challenge to securing endpoints. Half of all respondents are concerned that users will fall prey to schemes that give hackers entry into the network.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.