Mimecast Limited has revealed the results of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems.
This quarter’s assessment noted a continued challenge of securing organisations from malicious attachments, dangerous files types, impersonation attacks, as well as spam – with nearly a quarter of “unsafe” email being delivered to users’ inboxes.
Among the email security services assessed, the tests found that using Mimecast in conjunction with prominent cloud-based email service providers, including Google G Suite and Microsoft Office 365, would substantially improve results by blocking thousands more email-borne attacks. The report indicates the need for organisations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider.
“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Ed Jennings, chief operating officer at Mimecast. “These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.”
According to the email and data security firm, the risks to email remain whether delivered to a cloud-based, on-premises, or to a hybrid email environment. Email remains the top attack vector for delivering security threats such as ransomware, impersonation, and malicious files or URLs.
The report noted that attackers’ motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds and in several recent cases, sabotage with data being permanently destroyed. To date, Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days. More than 45 million emails were inspected, all of which had passed through the incumbent email security system in use by each organisation – of this, 31 percent were deemed “unsafe” by Mimecast. These assessments have uncovered more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments and 9,677 impersonation emails to date.
When the data was sliced by incumbent email security vendor the report found that even some of the top email cloud players were missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security. Notably these cloud vendors are leaving organisations vulnerable by missing millions of spam emails and thousands of threats and allowing them to be delivered to the users’ email inboxes. Many organisations have a false sense of security believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.
This quarterly ESRA report strongly indicates the need for organisations to consider third party email security services to more effectively secure their email and increase their overall cyber resilience, said Mimecast.