Mimecast, a leading email and data
security company, has announced the
availability of its latest Email Security
Risk Assessment (ESRA), which found a
significant increase in Business Email
Compromise (BEC) attacks, emails
containing dangerous file types, malware
attachments and spam being delivered
to users’ inboxes from incumbent email
security systems.
BEC attacks, also referred to as
email-based impersonation fraud, are an
issue that is not going away because
these attacks can easily evade many
traditional email security systems on
a global scale. The latest ESRA found
a 269% increase in these types of
attacks compared with the findings
in last quarter’s report.
This trend was also reflected in recent
research, the State of Email Security
2019 report, which found that 85% of the
1,025 global respondents experienced
an impersonation attack in 2018, with
73% of those victims having experienced
a direct business impact – like financial,
data or customer loss.
The rise in BEC attacks underscores the
need for organisations to add protection
against well-resourced attackers.
BEC attacks are not the only method
cybercriminals have been successfully
leveraging to target organisations. The
ESRA report found that 28,783,892 spam
emails, 28,808 malware attachments
and 28,726 dangerous file types were
all missed by incumbent providers and
delivered to users’ inboxes, an overall
false negative rate of 11% of inspected
emails. The results from the report
demonstrate the need for the entire
industry to continue to work toward a
higher standard of email security.
Mimecast produces quarterly ESRA
reports to offer organisations insights
on the rise of new types of email-borne
threats and key trends in malicious
email campaigns.
www.intelligentciso.com | Issue 19
Jeff Ogden, General Manager – Middle
East and India, Mimecast, said:
“Mimecast believes that cyber-resilience
begins with robust email security.
Cyber-resilience can be most simply defined
as the ability to adapt and respond
effectively to every potential threat no
matter where it’s coming from.
“Email may be forced offline by a
cyberattack, IT failure or even purposely
by IT to contain a threat. Either way,
disruption to email flow can directly
impact business operations and limit the
ability to communicate.
“All organisations should strongly
consider a continuity solution that allows
employees to continue with business as
usual. CISOs should also ensure that
data is protected and accessible for
users. In the event of a cyberattack it’s
important to be able to recover all data
and other corporate IP after the incident.
“Attack tactics have evolved. Deception
is now the name of the game rather
than brute forcing access to networks
and devices. Increasingly sophisticated