Australian businesses are losing money in one-third of all email attacks on their networks, a new survey has revealed, with 80 per cent of all businesses targeted in at least one attack.
For its 2018 Understanding Email Fraud Survey, research firm Proofpoint surveyed 2,250 senior IT figures in Australia, France, Germany, the UK and the US about their experiences of fraud over the past two years.
The results found that email fraud is targeting businesses at an alarming rate, with 80 per cent of respondents admitting their firm was the target of at least one such attack, with a similar proportion expecting to fall to email fraud in the year ahead.
Australian respondents recorded a slightly higher rate of attacks than the 75 per cent average recorded across the five countries.
In just over one-third (35 per cent) of these attacks, fraudsters were successful in their attempt to steal money from the business. Yet the financial losses were dwarfed by those experiencing business disruption (55 per cent) and a loss of sensitive data (43 per cent) as the result of an attack.
Given that the mandatory data breach reporting rules are now in effect in Australia, the level of disruption caused by such attacks, and the corresponding reporting, are likely to increase further.
Interestingly, almost a quarter (24 per cent) of attacks directly led to one or more workers in the business having their employment terminated.
“With 59 per cent of organisations considering email fraud one of the top security risks to their business, it is encouraging that some are adopting techniques to protect their employees, partners, and customers,” Proofpoint’s Robert Holmes said of the 48 per cent of Australian businesses using email authentication and the 54 per cent using phishing detection programs.
“As the volume of attacks and level of sophistication employed by cybercriminals increase, organisations need to proactively shut down these tactics before the damage is done.”
According to the report, cyber criminals are also broadening their approach to impersonating internal figures in a bid to steal business funds.
“Cyber criminals have moved beyond CEO-to-CFO spoofing, where they pretend to be the chief executive to trick the finance leader into wiring money. Now they’re impersonating more identities and targeting a wider range of people within the targeted organization [sic],” it said.
“More than half (55 per cent) of respondents said their finance team is most at risk from email fraud. That’s no surprise—attackers follow the money. But 43 per cent of respondents also see accounts payable as a potential target, followed by the C-suite (37 per cent), and the general workforce (33 per cent).”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.