Story image

New study shows email security systems not up to scratch as malicious emails pour in

18 Apr 18

Incumbent email security systems are missing tens of thousands of emails containing malware, putting users and networks at risk of attack, a new survey from Mimecast says.

Its quarterly Email Security Risk Assessment (ESRA) found that out of the 95 million emails analysed there were 14.2 million spam emails, 9992 emails containing dangerous file types, and 849 unknown emails with malware attachments. 11,653 known emails with malicious attachment also escaped detection by email providers and landed straight in users’ inboxes.

According to Mimecast, organisations invest millions of dollars in deploying email security systems such as Microsoft Office 365 EOP/ATP, Proofpoint Enterprise, Symantec Email Security Cloud, amongst others.

Organisations also continue to be plagued by impersonation attacks. 23,072 were detected last quarter, a 22% increase quarter-by-quarter.

According to Mimecast cybersecurity strategist Matthew Gardiner, the ESRA should be viewed as a standard of transparency that raises the bar for vendors to help customers find weaknesses in their defences.

“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the “known” malware attachments,” he says.

The results from the ESRA are consistent with a study Mimecast recently conducted with Vanson Bourne. The study aimed to understand organisations’ cybersecurity, what attacks are on the increase, and how confident they are about thwarting attacks.

The survey found that 53% of businesses polled in the Vanson Bourne study said their organisation is likely to suffer a negative business impact due to an email-borne attack in 2018.

Over the last 12 months, 94% of respondents had seen an increase in phishing attacks, and 92% had seen an increase in targeted spear phishing attacks with malicious links.

87% of respondents also reported seeing impersonation attacks that attempted to initiate wire transfers, or for confidential data (85% of respondents) over the last year.

However, malicious intent wasn’t behind every security risk – 31% of respondents said a member of the C-suite had sent an email containing sensitive information to the wrong email address.

“No single technique can be relied upon to stop the rapidly evolving attacks and organizations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for email,” Gardiner says.

Mimecast has also announced a number of enhancements to its Targeted Threat Protection services this week. Internal Email Protect, URL Protect, and Impersonation Protect are designed to combat and remediate the evolving threat landscape.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.