Right on cue with the end of summer, the autumn leaves have begun to fall and the weather has started to turn. Much like the weather, cybercriminals are forever changing their tactics in order to find the most efficient and lucrative way of exploiting organisations and getting past those pesky cybersecurity defences.
In this context, it may come as no surprise that security concerns – with ransomware singled out by respondents as the top issue – remain the biggest barrier holding people back from adopting cloud, according to our new study which polled over 1,100 organisations.
This is despite firms increasingly turning to Microsoft Office 365, with almost two thirds (62%) of businesses in EMEA now using Office 365, an increase of 50% on 2016. Of those not yet using the productivity suite, just under 40% plan to migrate in the future. As this year-on-year adoption continues to increase across the EMEA region, it’s natural to assume that concerns over cyber threats will keep pace.
Interestingly, the most common reason for not migrating to Office 365 has changed since last year’s study, with businesses in EMEA joining those in the US in citing security concerns as the top reason (32%). Unlike the US, where this was largest by a distance, only 28% of EMEA businesses still cite a “no cloud” policy as a significant reason they have not migrated.
Unsurprisingly, the biggest security concern for over 90% of EMEA businesses is ransomware. This anxiety is well-founded – nearly half (48%) of respondents had already been hit by an infection and figures detailed by European Commissioner Julian King suggest 4000 ransomware attacks now take place every day in the EU. Although our research suggests only 3% of organisations ultimately resorted to paying the ransom, which is encouraging reading for the backup advocates among us.
Don’t forget about those winter layers
Despite these concerns, over 85% of respondents aren’t using Microsoft’s Office 365 Advanced Threat Protection (ATP) which would make more sense if they are instead relying on third-party security to enhance Office 365’s protection. However, it looks like only just over two fifths (43%) are using third-party security solutions to mitigate threats.
So although it’s encouraging to see more organisations wake up to the realities of cybersecurity, clearly more need to put their resource where their concerns lie and adopt more of a layered approach to mitigate attacks.
This is especially true when it comes to protecting yourself against social engineering attacks. 41% of respondents are concerned about phishing, spear phishing or impersonation attacks. Yet just 14% have a third party solution in place to reinforce protection against these threats.
The truth is, email is still king when it comes to cybercriminals’ vector of choice – almost three quarters (70%) of ransomware attacks enter via email, versus 18% attributed to web traffic and just 12% attributed to network traffic, according to our respondents.
Wrap up warm before the next generation of attacks hit
It is vital that your organisation throws on its wooly jumper this autumn, in the form of the next generation of security, before the cybercriminals catch up. When it comes to malware delivered via email, most organisations now have some kind of protection in place to either prevent a click on malicious emails or restore from backup if a click occurs.
But the reality is this is no longer enough. Nowadays, the real danger comes in the form of highly targeted, heavily researched, compelling spear phishing attacks. They work because they are believable: cybercriminals spend a huge amount of time making them look as realistic as possible and the results can be devastating. We are now seeing criminals using this approach moving from the C-Suite to lower and mid-level employees, and from large organisations to smaller ones with fewer resources.
So how can you stop them? Defend yourself on three fronts. First, adopt a next-generation cybersecurity solution that includes an artificial intelligence (AI) engine that learns organisations’ unique communications patterns to identify anomalies and impersonation attempts. Second, test your employees by challenging them with simulated spear-phishing attacks. Finally, use a modern email security gateway with static advanced threat prevention. This combination effectively combats against this new generation of attacks. As the threat landscape changes, it’s important for you to act just as quickly as the cybercriminals.
Click here to register for our webinar on 2nd November to find out how Action for Children has migrated to Office 365 with security at the forefront of their strategy.
Chris Ross est vice-président senior des ventes internationales chez Barracuda, où il assume la responsabilité stratégique et opérationnelle des marchés mondiaux. Connectez-vous avec lui sur LinkedIn.