Story image

New study shows email security systems not up to scratch as malicious emails pour in

18 Apr 2018

Incumbent email security systems are missing tens of thousands of emails containing malware, putting users and networks at risk of attack, a new survey from Mimecast says.

Its quarterly Email Security Risk Assessment (ESRA) found that out of the 95 million emails analysed there were 14.2 million spam emails, 9992 emails containing dangerous file types, and 849 unknown emails with malware attachments. 11,653 known emails with malicious attachment also escaped detection by email providers and landed straight in users’ inboxes.

According to Mimecast, organisations invest millions of dollars in deploying email security systems such as Microsoft Office 365 EOP/ATP, Proofpoint Enterprise, Symantec Email Security Cloud, amongst others.

Organisations also continue to be plagued by impersonation attacks. 23,072 were detected last quarter, a 22% increase quarter-by-quarter.

According to Mimecast cybersecurity strategist Matthew Gardiner, the ESRA should be viewed as a standard of transparency that raises the bar for vendors to help customers find weaknesses in their defences.

“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the “known” malware attachments,” he says.

The results from the ESRA are consistent with a study Mimecast recently conducted with Vanson Bourne. The study aimed to understand organisations’ cybersecurity, what attacks are on the increase, and how confident they are about thwarting attacks.

The survey found that 53% of businesses polled in the Vanson Bourne study said their organisation is likely to suffer a negative business impact due to an email-borne attack in 2018.

Over the last 12 months, 94% of respondents had seen an increase in phishing attacks, and 92% had seen an increase in targeted spear phishing attacks with malicious links.

87% of respondents also reported seeing impersonation attacks that attempted to initiate wire transfers, or for confidential data (85% of respondents) over the last year.

However, malicious intent wasn’t behind every security risk – 31% of respondents said a member of the C-suite had sent an email containing sensitive information to the wrong email address.

“No single technique can be relied upon to stop the rapidly evolving attacks and organizations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for email,” Gardiner says.

Mimecast has also announced a number of enhancements to its Targeted Threat Protection services this week. Internal Email Protect, URL Protect, and Impersonation Protect are designed to combat and remediate the evolving threat landscape.

Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.