Story image

Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

28 Jul 17

Recent research has revealed nearly a quarter of ‘unsafe’ emails are being delivered to users’ inboxes.

Mimecast shared the findings of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.

This quarter’s assessment noted a continuous challenge of securing organisations from malicious attachments, dangerous files type, impersonation attacks as well as spam.

The report stipulates that just relying on email service providers’ security systems is no longer adequate. For organisations to truly be safe from malicious emails they need to enhance their cyber-resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

According to Mimecast, email remains the top attack option for delivering security threats such as ransomware, impersonation and malicious files or URLs – and malware attachments, impersonation attacks and dangerous file types continue their relentless rise.

Attacker motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds, and in several recent cases, sabotage with data being permanently destroyed.

Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days, resulting in more than 45 million emails in total – all of which had passed through the incumbent email security system in use by each organisation.

Of this data selection, a whopping 31 percent were demmed ‘unsafe’ by Mimecast, uncovering more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails to date.

According to Mimecast, many organisations have a false sense of security in believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.

The report found that even some of the top email cloud players are still missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security.

“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” says Ed Jennings, chief operating officer at Mimecast.

“These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.” 

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.