Mimecast has announced the launch of the Mimecast Email Security Risk Assessment (ESRA), an analysis report measuring the effectiveness of email security systems.
According to the company, this report highlights the need to push the entire industry to work toward a higher standard of email security. The report showed that millions of email attacks ranging from opportunistic spam to highly-targeted impersonation attacks are getting through incumbent email security systems costing organisations a lot of time and money to clean up.
A number of organisations think their current email security systems are up to the task of protecting them. However, if an organisation hasn’t reviewed its approach to email security within the last 18 months, it is likely vulnerable to attack. The Mimecast ESRA testing to date has covered 23,744 email users over a cumulative 153 days of inbound email received into the organisations participating in the testing. This first report compiled the results of all assessments performed, in which more than 26 million emails were inspected by the Mimecast service. These emails had all passed through the incumbent email security vendor or cloud email service in use by each organisation. However, Mimecast found millions of missed email threats had gotten through these incumbent security systems. Mimecast uncovered almost 3.5 million pieces of spam, 6,681 dangerous file types, 1,207 known and 421 unknown malware attachments and 1,697 impersonation attacks.
To complement this hands-on testing, Mimecast conducted research with Vanson Bourne on the state of organisations’ cybersecurity, their expectations and needs and what attacks they’ve seen increase. Findings were based on responses received from 800 IT decision makers and C-level executives globally. The Mimecast conducted Vanson Bourne research revealed that in the Middle East, 57 percent of organisation believe they will suffer a negative business impact from cybercriminal activity in 2017. Further statistics for the Middle East reveal that around 45 percent believe that the volume of untargeted phishing with malicious links attacks has increased, while 49 percent believe that spear-phishing with malicious links targeted at the organisation and an individual has gone up. The report revealed that email is the most likely method of ransomware infection in the Middle East and over 33 percent of organisations in the region have admitted to an increase in ransomware attacks.
Not surprisingly, and consistent with the results of the Mimecast ESRA report, advanced attacks were reported to be on the rise. For example, forty-five percent of respondents reported an increase in malicious macros within attachments. Not only that, but 64 percent of organisations believe they will suffer a negative business impact from cybercriminals in 2017, while 56 percent think malicious emails or URLs will be the likely attack vector.
“It’s easy to assume that your email security solution is protecting you from advanced attacks. If you don’t have visibility into what’s actually getting delivered to the inboxes of employees, why would you think otherwise? We launched Mimecast ESRA at the request of organisations who wanted an easy way to assess the risks and to see a greater level of detail to help understand the impact to their business,” said Ed Jennings, Chief Operating Officer, Mimecast. “As we’ve shared the findings with CISOs globally, they’ve been taken aback by the volume and type of attacks getting through their current email security solutions. The visibility this assessment offers is actionable, and is being used to reprioritise their current email security strategies. By launching the Mimecast ESRA, we are helping to establish the new standard of transparency for organisations while at the same time helping to raise the bar for the industry.”