sb-nz logo
Story image

Nearly a quarter of ‘unsafe’ emails getting through to user inboxes

28 Jul 2017

Recent research has revealed nearly a quarter of ‘unsafe’ emails are being delivered to users’ inboxes.

Mimecast shared the findings of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.

This quarter’s assessment noted a continuous challenge of securing organisations from malicious attachments, dangerous files type, impersonation attacks as well as spam.

The report stipulates that just relying on email service providers’ security systems is no longer adequate. For organisations to truly be safe from malicious emails they need to enhance their cyber-resilience strategies for email with a multi-layered approach that includes a third-party security service provider.

According to Mimecast, email remains the top attack option for delivering security threats such as ransomware, impersonation and malicious files or URLs – and malware attachments, impersonation attacks and dangerous file types continue their relentless rise.

Attacker motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds, and in several recent cases, sabotage with data being permanently destroyed.

Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days, resulting in more than 45 million emails in total – all of which had passed through the incumbent email security system in use by each organisation.

Of this data selection, a whopping 31 percent were demmed ‘unsafe’ by Mimecast, uncovering more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails to date.

According to Mimecast, many organisations have a false sense of security in believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.

The report found that even some of the top email cloud players are still missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security.

“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” says Ed Jennings, chief operating officer at Mimecast.

“These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.” 

Download image
74% of APAC IT leaders say security culture is essential to business success
You can join these leaders in designing security awareness and training with your employees in mind.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More