Incumbent email security systems are missing tens of thousands of emails containing malware, putting users and networks at risk of attack, a new survey from Mimecast says.
Its quarterly Email Security Risk Assessment (ESRA) found that out of the 95 million emails analysed there were 14.2 million spam emails, 9992 emails containing dangerous file types, and 849 unknown emails with malware attachments. 11,653 known emails with malicious attachment also escaped detection by email providers and landed straight in users’ inboxes.
According to Mimecast, organisations invest millions of dollars in deploying email security systems such as Microsoft Office 365 EOP/ATP, Proofpoint Enterprise, Symantec Email Security Cloud, amongst others.
Organisations also continue to be plagued by impersonation attacks. 23,072 were detected last quarter, a 22% increase quarter-by-quarter.
According to Mimecast cybersecurity strategist Matthew Gardiner, the ESRA should be viewed as a standard of transparency that raises the bar for vendors to help customers find weaknesses in their defences.
“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the “known” malware attachments,” he says.
The results from the ESRA are consistent with a study Mimecast recently conducted with Vanson Bourne. The study aimed to understand organisations’ cybersecurity, what attacks are on the increase, and how confident they are about thwarting attacks.
The survey found that 53% of businesses polled in the Vanson Bourne study said their organisation is likely to suffer a negative business impact due to an email-borne attack in 2018.
Over the last 12 months, 94% of respondents had seen an increase in phishing attacks, and 92% had seen an increase in targeted spear phishing attacks with malicious links.
87% of respondents also reported seeing impersonation attacks that attempted to initiate wire transfers, or for confidential data (85% of respondents) over the last year.
However, malicious intent wasn’t behind every security risk – 31% of respondents said a member of the C-suite had sent an email containing sensitive information to the wrong email address.
“No single technique can be relied upon to stop the rapidly evolving attacks and organizations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for email,” Gardiner says.
Mimecast has also announced a number of enhancements to its Targeted Threat Protection services this week. Internal Email Protect, URL Protect, and Impersonation Protect are designed to combat and remediate the evolving threat landscape.