Security experts are practically begging corporates to get serious with cybersecurity. Research released only days ago from Centrify found that two-thirds of surveyed companies have experienced at least five security breaches in the past two years, while separate analysis from the Identify Theft Resource Center and CyberScout have pegged 2016 as a record year for cyberattacks in the U.S.
Google is a vocal player in the fight for enterprise cybersecurity. Most recently, the tech giant presented new research at the cybersecurity gathering of the RSA Conference, held earlier this month, highlighting just how vulnerable corporate inboxes are to phishing scams.
Spam, Google wrote in a Security Blog post, is certainly the most common cyberattack to hit an email inbox. But phishing and malware scams are significantly more common for corporate inboxes, with cyber attackers more than four times as likely to hit a business email than a personal one when looking to infect a computer with malware.
The phishing threat is even greater, with attackers more than six times as likely to hit a corporate inbox than a personal one, Google said.
Attackers have sophisticated ways of targeting their corporate prey, researchers found. For instance, nonprofits and education service providers are each more than twice as likely to be hit with a malware attack.
“These nuances go all the way down to the granularity of country and industry type,” Google wrote in its Security Blog. “This shows how security and abuse professionals must tailor defenses based on their personalized threat model, where no single corporate user faces the same attacks.”
Finance, entertainment and IT are the industries most prone to phishing attacks as of the first quarter of this year, according to Google analysis.
Reports in Security Intelligence covering Google’s findings highlight that the conclusions aren’t “unusual,” considering the sensitive corporate data that can be found in an employee inbox — information, the publication noted, that can go for big bucks on the dark web. Business email compromise scams can be especially lucrative, enabling a hacker to gain access to accounting departments.
In its conclusion, Google urges businesses to head to warnings of phishing and malware attacks, deploy a two-layer authentication system, and make use of technical cybersecurity solutions offered by Google and other enterprise service providers.
But the research and the warnings may be falling on deaf ears. Centrify’s research suggests that businesses aren’t taking the advice of security experts.
“Cybersecurity breaches are causing more havoc and affecting more industries than ever before,” said Centrify CEO Tom Kemp in a statement issued when the report was released. “Despite over $75 billion spent on cybersecurity in 2016, the products and services from major security companies have failed to stop breaches from occurring, and in fact, the problem is getting worse.”
According to Kemp, the traditional approaches to enterprise cybersecurity simply aren’t working.
Google has introduced new security features for its enterprise apps in an effort to safeguard its business clients. Earlier this year, the firm released new options for administrators of the G Suite productivity apps it offers, enabling these professionals to require security keys and tokenization for employees to access data found on the apps, for instance.
The new features followed the release of earlier research on the use of security keys among Google’s own workforce. That analysis found that this security tool is more effective than two-factor verification solutions like smartphones at preventing data hacks.
Considering Google’s decision to hand administrators the power to deploy more effective cybersecurity solutions, it may signal that the fight against corporate data theft and hacks doesn’t land solely on the shoulders of the enterprise service provider — it’s the responsibility of the company, too, to combat this threat.