By reporting suspicious emails to their cybersecurity teams, vigilant staff are helping minimize the potential risk of a breach. However, they are also creating work for their colleagues from the security department.
This is according to a new report from cybersecurity experts at F-Secure, based on analysis of submissions that came into the company's email reporting plugin for Microsoft Office 365.
In the first half of the year, workers submitted more than 200,000 emails for analysis, F-Secure said. That’s approximately two emails per employee.
Of that number, a third (33 percent) were either malicious or “highly suspect”, the paper says, adding that people most frequently reported emails with a suspicious link. They also often reported emails that had an incorrect or unexpected sender, while some reported messages as spam. In rare cases (7 percent), workers highlighted a suspicious email attachment.
Of all the emails reported, the vast majority (99 percent) were automatically analyzed, with the remaining 1 percent investigated by security pros. Almost two-thirds of those ended up being classified as phishing.
According to F-Secure, "aggressive reporting” can combat the problem of email-borne cyberattacks, but that also means a trained professional needs to investigate and respond. According to F-Secure Director of Consulting Riaan Naude, it takes a security professional anywhere between 15 minutes and an hour to respond, and when reports start piling up, stress levels increase.
"You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense,” said F-Secure Director of Consulting Riaan Naude. “Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”
- Here's our rundown of the best identity theft companies out there