Recent research has revealed nearly a quarter of ‘unsafe' emails are being delivered to users' inboxes.
Mimecast shared the findings of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.
This quarter's assessment noted a continuous challenge of securing organisations from malicious attachments, dangerous files type, impersonation attacks as well as spam.
The report stipulates that just relying on email service providers' security systems is no longer adequate. For organisations to truly be safe from malicious emails they need to enhance their cyber-resilience strategies for email with a multi-layered approach that includes a third-party security service provider.
According to Mimecast, email remains the top attack option for delivering security threats such as ransomware, impersonation and malicious files or URLs – and malware attachments, impersonation attacks and dangerous file types continue their relentless rise.
Attacker motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds, and in several recent cases, sabotage with data being permanently destroyed.
Mimecast's ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days, resulting in more than 45 million emails in total – all of which had passed through the incumbent email security system in use by each organisation.
Of this data selection, a whopping 31 percent were demmed ‘unsafe' by Mimecast, uncovering more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails to date.
According to Mimecast, many organisations have a false sense of security in believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.
The report found that even some of the top email cloud players are still missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security.
“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there's a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” says Ed Jennings, chief operating officer at Mimecast.
“These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.”