Security News > 2021 > June > What happens after a malicious email reaches employees’ inboxes?

On average, it takes three and half days from the moment a malicious email attack lands in an employees inbox, to when it is discovered by a security team or reported by end users and remediated, says new insight from Barracuda Networks.

Researchers analyzed threat patterns and response practices across 3500 organizations, analyzing what happens after a malicious email bypasses an organization's security measures and lands in a user's inbox.

3% of employees will click on a malicious email link.

Interestingly, two-thirds of the malicious emails which had landed in employees primary inbox were discovered through internal threat hunting investigations launched by the IT team.

"Michael Flouton, VP Product, Barracuda Networks comments:"There is no such thing as cybersecurity software which is 100 percent effective against inbound email attacks, and organizations must prioritize security awareness training sessions for its employees - our research even revealed that organizations that train their users will see a 73 percent improvement in the accuracy of user-reported email after only two training campaigns.

"Organizations should also consider automating incident response systems, adopt threat hunting tools, and share and receive threat intelligence from other companies, all for the purpose of significantly improving incident response times to post-delivery email threats, and catching these malicious attacks before they develop into something more severe."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/i9oWSF1lZFY/