Impersonation attacks on the increase, says Mimecast
There has been a massive increase in e-mail malicious links being missed by many security systems.
This is according to e-mail and data security company Mimecast in its E-mail Security Risk Assessment, a test which measures the effectiveness of e-mail security systems in use by thousands of organisations globally.
Mimecast examined more than 142 million e-mails that had passed through organisations' e-mail security vendors.
The latest results reveal 203 000 malicious links within 10 072 682 e-mails were deemed safe by other security systems; a ratio of one unstopped malicious link for every 50 e-mails inspected.
The report also finds an 80% increase in impersonation attacks in comparison to the last quarter's figures. Additionally, 19 086 877 pieces of spam, 13 176 e-mails containing dangerous file types, and 15 656 malware attachments were all missed by these incumbent security providers and delivered to users' inboxes.
"Targeted malware, heavily socially-engineered impersonation attacks and phishing threats are still reaching employee inboxes. This leaves organisations at risk of a data breach and financial loss," says Matthew Gardiner, cyber security strategist for Mimecast.
"Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialised security capabilities, and this testing shows that commonly used systems aren't doing a good job catching them."
The report indicates the need for organisations to enhance their cyber resilience strategies for e-mail with a multi-layered approach that includes a third-party service provider.
According to Mimecast, in South Africa, almost half of businesses have seen a sharp increase in targeted spear-phishing attacks in the past year.
Similarly, the South Africa Phishing Response Trends Report, released earlier this year, found that local companies are at higher risk of data breaches stemming from phishing scams.
According to the report, the surge in e-mail-related threats is SA's biggest security concern.
"More than 60% of the 100 companies surveyed have faced an e-mail threat more than once and nearly 20% of respondents received more than 500 suspicious e-mails weekly.
"Furthermore, nearly all respondents already have one security layer in place, with many respondents having more than four security layers in place. Around 95% of surveyed IT professionals plan to upgrade their phishing response and prevention," notes the report.
To avoid falling victim to spear-phishing attacks, Kaspersky Lab recommends that users and businesses employ security solutions that have dedicated anti-phishing capabilities.
The company also suggests introducing security awareness initiatives, such as gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks.