There is a continued challenge in securing our organizations from malicious attachments, dangerous file types, impersonation attacks, as well as spam, with nearly a quarter emails being delivered to users’ inboxes still being deemed 'unsafe'. This is according to a report published by Mimecast which indicates the need for organizations to enhance their cyber resilience strategies for email with a multi-layered approach that includes a third-party security service provider.
The Email Security Risk Assessment notes that the risks to email remain whether delivered to a cloud-based, on-premises, or to a hybrid email environment. Email remains the top attack vector for delivering security threats such as ransomware, impersonation, and malicious files or URLs. Attackers motives include credential theft, extracting a ransom, defrauding victims of corporate data and funds and in several recent cases, sabotage with data being permanently destroyed.
To date, Mimecast’s ESRA reports have inspected the inbound email received for 62,323 email users over a cumulative 428 days. More than 45 million emails were inspected, all of which had passed through the incumbent email security system in use by each organization and, of these, almost a quarter (24%) were deemed 'unsafe'. These assessments have uncovered more than 10.8 million pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments and 9,677 impersonation emails to date.
When the data was sliced by incumbent email security vendor, the report found that even some of the top email cloud players were missing commonly found advanced security threats, highlighting the need for a multi-layered approach to email security. Notably these cloud vendors are leaving organizations vulnerable by missing millions of spam emails and thousands of threats and allowing them to be delivered to the users’ email inboxes. Many organizations have a false sense of security believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.
It is findings like these, and the disruptive impact that a cyber security incident can have on an organization, that demonstrate why cyber attacks and data breaches are such major concerns for business continuity and resilience professionals. The Business Continuity Institute's latest Horizon Scan Report identified them as the top two threats to organizations with 88% and 81%, respectively, of respondents to a global survey expressing concern about the prospect of such an event occurring.
“To achieve a comprehensive cyber resilience strategy, organizations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Ed Jennings, chief operating officer at Mimecast. “These quarterly Mimecast ESRA reports highlight the need for the entire industry to work toward a higher standard of email security.”