sb-eu logo
Story image

New study shows email security systems not up to scratch as malicious emails pour in

18 Apr 2018

Incumbent email security systems are missing tens of thousands of emails containing malware, putting users and networks at risk of attack, a new survey from Mimecast says.

Its quarterly Email Security Risk Assessment (ESRA) found that out of the 95 million emails analysed there were 14.2 million spam emails, 9992 emails containing dangerous file types, and 849 unknown emails with malware attachments. 11,653 known emails with malicious attachment also escaped detection by email providers and landed straight in users’ inboxes.

According to Mimecast, organisations invest millions of dollars in deploying email security systems such as Microsoft Office 365 EOP/ATP, Proofpoint Enterprise, Symantec Email Security Cloud, amongst others.

Organisations also continue to be plagued by impersonation attacks. 23,072 were detected last quarter, a 22% increase quarter-by-quarter.

According to Mimecast cybersecurity strategist Matthew Gardiner, the ESRA should be viewed as a standard of transparency that raises the bar for vendors to help customers find weaknesses in their defences.

“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the “known” malware attachments,” he says.

The results from the ESRA are consistent with a study Mimecast recently conducted with Vanson Bourne. The study aimed to understand organisations’ cybersecurity, what attacks are on the increase, and how confident they are about thwarting attacks.

The survey found that 53% of businesses polled in the Vanson Bourne study said their organisation is likely to suffer a negative business impact due to an email-borne attack in 2018.

Over the last 12 months, 94% of respondents had seen an increase in phishing attacks, and 92% had seen an increase in targeted spear phishing attacks with malicious links.

87% of respondents also reported seeing impersonation attacks that attempted to initiate wire transfers, or for confidential data (85% of respondents) over the last year.

However, malicious intent wasn’t behind every security risk – 31% of respondents said a member of the C-suite had sent an email containing sensitive information to the wrong email address.

“No single technique can be relied upon to stop the rapidly evolving attacks and organizations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for email,” Gardiner says.

Mimecast has also announced a number of enhancements to its Targeted Threat Protection services this week. Internal Email Protect, URL Protect, and Impersonation Protect are designed to combat and remediate the evolving threat landscape.

Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Average cost of insider attack $2 million - Bitglass
A report has found 61% of companies had an insider attack in past year.More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More