Johannesburg, 21 May 2018
Mimecast (NASDAQ: MIME), a leading e-mail and data security company, has announced the availability of its quarterly Email Security Risk Assessment (ESRA), a report of tests that measure the effectiveness of incumbent e-mail security systems.
This quarter's assessment reports that these systems missed 11,653 e-mails containing known malware, which should be the easiest to identify, as they are detectable by commonly deployed endpoint-based anti-virus technologies. Additionally, the report noted a continued challenge of securing organizations from unknown malicious attachments, dangerous files types, impersonation attacks, as well as even basic spam.
As part of the assessment, Mimecast inspected more than 95 million e-mails, all of which had passed through organisations' incumbent e-mail security vendors.
These organisations, in 20 different industries, invested millions of dollars to deploy a variety of commonly used on-premises and hybrid e-mail security systems. The latest report found more than 14 277 163 pieces of spam, 9 992 e-mails containing dangerous file types, and 849 unknown e-mails with malware attachments, all missed by the incumbent providers and delivered to users' inboxes.
Most notably, 11 653 known e-mails with malicious attachments passed through these systems, an increase of 532% in comparison to last quarter's assessment. Impersonation attacks also continue to be a problem for organisations, as 23 072 were caught: increasing 22% in comparison quarter over quarter. The report indicates the need for organisations to enhance their cyber resilience strategies for e-mail.
"Mimecast's ESRA is aiming to establish a standard of transparency that raises the bar for all security vendors helping organisations pinpoint weaknesses in their defences," said Matthew Gardiner, cybersecurity strategist at Mimecast. "E-mails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent e-mail security systems. The security system of one primary cloud e-mail platform missed 76.6% of the aggregate impersonation attacks while another global security vendor missed the 83.4% of the 'known' malware attachments."
Mimecast recently conducted global research with Vanson Bourne on the state of organisations' cyber security, what attacks they've seen increase, and their level of confidence to thwart these evolving attacks.
The findings were based on responses from 800 IT decision-makers and C-level executives. Not surprisingly, and consistent with the results of the Mimecast ESRA report, organisations are forecasting a challenging future, with nearly 60% of respondents having said their organisation is likely to suffer a negative business impact because of an e-mail-borne attack in 2018.
Also in line with the ESRA results, despite efforts, email-borne attacks are on the rise. The clear majority of Vanson Bourne respondents have seen untargeted phishing attacks (94%) or targeted spear-phishing attacks (92%) with malicious links in the past 12 months, with the volume of both attacks increasing 56% over the last year. Most respondents also reported seeing e-mail-based impersonation attacks asking either to initiate wire transfers (87%) or for confidential data (85%) over the last year.
"Mimecast's multi-layered security inspection system is engineered to include more than 100 analytic techniques and threat data sources provided both by in-house development and third-party sources, including three separate AV engines, file sandboxing, static file analysis and other techniques.
"No single technique can be relied upon to stop the rapidly evolving attacks and organisations need to ensure they also have continuity during, and automated recovery after an attack to achieve cyber resilience for e-mail," Gardiner added.
Mimecast will be showcasing its technologies and services at the ITWeb Security Summit, southern Africa's definitive conference and expo for information security, IT and business professionals. This year, over 70 expert speakers will deliver key insights across seven tracks, including workshops and training courses during the expanded five-day event. The ITWeb Security Summit will be staged at Vodacom World, Midrand, from 22 to 23 May 2018; and CTICC Cape Town on 29 May 2018. Focused and interactive workshops, as well as in-depth training courses will be run in the days around the main conference and exhibition.
ITWeb Security Summit 2018
Registration is open for the ITWeb Security Summit 2018, being held in Johannesburg on 22 and 23 May and in Cape Town on 28 and 29 May. This is the must-attend annual event for information security professionals, featuring international speakers, workshops, as well as a beginners' guide to cyber security. Click here.
Share