A Third of Suspicious Emails Reported by Employees Are Phishing

Facilitating employee reporting of phishing attempts is an effective security control when teams use automation to handle increased workload.

Helsinki, Finland – September 8, 2021: 33% of emails employees report as phishing are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyber attacks.

Approximately one third of people working for organizations using F-Secure’s email reporting plugin for Microsoft Office 365 submitted over 200 000 emails for analysis during the first half of the year. On average, active users submitted 2.14 emails each during the period.

According to the analysis (available at https://www.f-secure.com/content/dam/press/en/media-library/reports/F-Secure_automation_burnout.pdf) the most common reason users gave for reporting emails was a suspicious link, which was cited by 59% of users. 54% reported an email because of an incorrect or unexpected sender, and 37% because of suspected spam. 34% of users suspected the use of social engineering in an email, while 7% reported because of a suspicious attachment.

99% of the reports were automatically analyzed. Out of those, 33% were classified as phishing. Security professionals manually investigated the remaining 1% of reported emails and determined 63% of those were phishing attempts.

"You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense,” said F-Secure Director of Consulting Riaan Naude. “Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”

Email is the most common method cyber criminals use to spread malware, and accounted for over half of infection attempts in 2020.* While aggressive reporting can clearly combat this problem, there are downsides. For every reported email, a trained professional needs to investigate and respond. Naude estimates this can take anywhere between 15 minutes to an hour depending on professional background and complexity of the particular case.

Considering that 73% of organizations surveyed in a 2019 study from the Ponemon Institute** said burnout due to an increasing workload made working in a security operations center (SOC) painful, organizations need to give security teams tools to properly manage the increased workload. 67% of respondents in the study identified automation of workflow as the most important measure to alleviate their SOC team’s pain.

“Manual triage is clearly a burden, and reporting emails initiates this triage process, regardless of whether or not the email is an actual threat. It’s clearly one of those areas where experts need tech to help them scale existing knowledge and skills,” said Naude.   

More information on solutions that help organizations address phishing and other security challenges is available at https://www.f-secure.com/business.

*Source: https://blog-assets.f-secure.com/wp-content/uploads/2021/03/30120359/attack-landscape-update-h1-2021.pdf.
**Source: https://www.devo.com/wp-content/uploads/2019/07/2019-Devo-Ponemon-Study-Final.pdf.

About F-Secure

Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859
adam.pilkey@f-secure.com

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.