Story image

Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

28 Jul 2017

Recent research has revealed nearly a quarter of ‘unsafe’ emails are being delivered to users’ inboxes.

Mimecast shared the findings of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.

This quarter’s assessment noted a continuous challenge of securing organisations from malicious attachments, dangerous files type, impersonation attacks as well as spam.

The report stipulates that just relying on email service providers’ security systems is no longer adequate. For organisations to truly be safe from malicious emails they need to enhance their cyber-resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

According to Mimecast, email remains the top attack option for delivering security threats such as ransomware, impersonation and malicious files or URLs – and malware attachments, impersonation attacks and dangerous file types continue their relentless rise.

Attacker motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds, and in several recent cases, sabotage with data being permanently destroyed.

Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days, resulting in more than 45 million emails in total – all of which had passed through the incumbent email security system in use by each organisation.

Of this data selection, a whopping 31 percent were demmed ‘unsafe’ by Mimecast, uncovering more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails to date.

According to Mimecast, many organisations have a false sense of security in believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.

The report found that even some of the top email cloud players are still missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security.

“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” says Ed Jennings, chief operating officer at Mimecast.

“These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.” 

Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.