The latest ESRA report from Mimecast indicates just why email attacks are so loved by cybercriminals, and why organizations need to take email security more seriously.
ESRA is Mimecast’s ongoing Email Security Risk Assessment quarterly analysis. Working with 37 organizations across 20 different industries, Mimecast compares the email threats it detects to those detected by the organizations’ incumbent email security technologies. The results provide two major sets of statistics: the volume of threats that go undetected by the incumbent technologies; and the sheer size of the email threat.
The latest report (PDF) covers more than 142 million emails received by almost 261,924 users. The incumbent email security was Office 365 and Proofpoint.
ESRA’s analysis shows that a total of more than 19 million spam emails; 13,176 emails containing dangerous file types; and 15,656 malware attachments were missed by the incumbent security and delivered to users’ inboxes. It also discovered 203,000 malicious links within just over 10 million emails that were delivered to inboxes — a ratio of around one unstopped malicious link in every fifty inspected emails.
This doesn’t mean that the bad emails were effective, only that they were delivered to their destination. Other security controls might detect malware and inhibit users from clicking on malicious links — but it does imply that these additional controls need to be 100% effective against threats that could have been blocked before delivery.
One figure that stands out in the analysis is an increase of 80% in impersonation attacks over the last quarter’s analysis. Mimecast detected 41,605 cases that had been missed by the organizations’ existing controls.
“Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organizations at risk of a data breach and financial loss,” said Matthew Gardiner, cybersecurity strategist at Mimecast. “Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialized security capabilities, and this testing shows that commonly used systems aren’t doing a good job catching them.”
Mimecast was founded in 2003 by Neil Murray (CTO) and Peter Bauer (CEO). It went public in 2015, and its share price has risen steadily from an initial $10 to its current value at just over $41. During 2018 it has acquired both Solebit (a threat detection firm) and Ataata (a security training firm).
Related: The Disconnect Between Understanding Email Threats and Preventing Them
Related: State of Email Security: What Can Stop Email Threats?
Related: Preventing Business Email Compromise Requires a Human Touch
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
