sb-au logo
Story image

New study shows email security systems not up to scratch as malicious emails pour in

18 Apr 2018

Incumbent email security systems are missing tens of thousands of emails containing malware, putting users and networks at risk of attack, a new survey from Mimecast says.

Its quarterly Email Security Risk Assessment (ESRA) found that out of the 95 million emails analysed there were 14.2 million spam emails, 9992 emails containing dangerous file types, and 849 unknown emails with malware attachments. 11,653 known emails with malicious attachment also escaped detection by email providers and landed straight in users’ inboxes.

According to Mimecast, organisations invest millions of dollars in deploying email security systems such as Microsoft Office 365 EOP/ATP, Proofpoint Enterprise, Symantec Email Security Cloud, amongst others.

Organisations also continue to be plagued by impersonation attacks. 23,072 were detected last quarter, a 22% increase quarter-by-quarter.

According to Mimecast cybersecurity strategist Matthew Gardiner, the ESRA should be viewed as a standard of transparency that raises the bar for vendors to help customers find weaknesses in their defences.

“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the “known” malware attachments,” he says.

The results from the ESRA are consistent with a study Mimecast recently conducted with Vanson Bourne. The study aimed to understand organisations’ cybersecurity, what attacks are on the increase, and how confident they are about thwarting attacks.

The survey found that 53% of businesses polled in the Vanson Bourne study said their organisation is likely to suffer a negative business impact due to an email-borne attack in 2018.

Over the last 12 months, 94% of respondents had seen an increase in phishing attacks, and 92% had seen an increase in targeted spear phishing attacks with malicious links.

87% of respondents also reported seeing impersonation attacks that attempted to initiate wire transfers, or for confidential data (85% of respondents) over the last year.

However, malicious intent wasn’t behind every security risk – 31% of respondents said a member of the C-suite had sent an email containing sensitive information to the wrong email address.

“No single technique can be relied upon to stop the rapidly evolving attacks and organizations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for email,” Gardiner says.

Mimecast has also announced a number of enhancements to its Targeted Threat Protection services this week. Internal Email Protect, URL Protect, and Impersonation Protect are designed to combat and remediate the evolving threat landscape.

Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Link image
Creating a lean business machine with automation and low-code
Forrester data indicates that process automation was a strategic initiative for many organizations before COVID and remains so after. Catch this webinar to learn more about automation.More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More