Story image

Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

28 Jul 2017

Recent research has revealed nearly a quarter of ‘unsafe’ emails are being delivered to users’ inboxes.

Mimecast shared the findings of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.

This quarter’s assessment noted a continuous challenge of securing organisations from malicious attachments, dangerous files type, impersonation attacks as well as spam.

The report stipulates that just relying on email service providers’ security systems is no longer adequate. For organisations to truly be safe from malicious emails they need to enhance their cyber-resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

According to Mimecast, email remains the top attack option for delivering security threats such as ransomware, impersonation and malicious files or URLs – and malware attachments, impersonation attacks and dangerous file types continue their relentless rise.

Attacker motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds, and in several recent cases, sabotage with data being permanently destroyed.

Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days, resulting in more than 45 million emails in total – all of which had passed through the incumbent email security system in use by each organisation.

Of this data selection, a whopping 31 percent were demmed ‘unsafe’ by Mimecast, uncovering more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails to date.

According to Mimecast, many organisations have a false sense of security in believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.

The report found that even some of the top email cloud players are still missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security.

“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” says Ed Jennings, chief operating officer at Mimecast.

“These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.” 

Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.