Supplied
There has been a significant increase in business email compromise (BEC) attacks, emails containing dangerous file types, malware attachments and spam being delivered to users’ inboxes from incumbent email security systems. This is according to Mimecast’s latest quarterly Email Security Risk Assessment (Esra), an aggregated report of tests that measure the efficacy of widely used email security systems.

BEC attacks, also referred to as email-based impersonation fraud, is an issue that is not going away, because these attacks can easily evade many traditional email security systems on a global scale.

The latest Esra found a 269percent increase in these types of attacks, compared with the same findings in last quarter’s report. This trend was also reflected in recent research, the “State of email security 2019 report”, which found that 85percent of the 1025 global respondents experienced an impersonation attack in 2018, with 73percent of those victims having experienced a direct business impact, such as financial, data or customer loss.

The rise in BEC attacks underscores the need for organisations to add protection against well-resourced attackers. A 2019 Osterman Research Report titled “Ten questions to ask about your Office 365 deployment” concluded that Microsoft Office 365 alone “will not fully meet many organisations’ requirements”.

Today, close to half of Mimecast customers bolster the cyber resilience of their Microsoft Office 365 deployments with services including Targeted Threat Protection to defend against bad actors and BEC attacks.

BEC attacks are not the only method cybercriminals have been successfully leveraging to target organisations.

The Esra report found 28783892 spam emails, 28808 malware attachments and 28726 dangerous files types were all missed by incumbent providers and delivered to users’ inboxes, an overall false negative rate of 11percent of inspected emails.

The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

“This Esra report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands of email-borne threats successfully able to bypass the email security systems that organisations’ have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, the vice-president of threat intelligence at Mimecast.

“Cybercriminals will always look for new ways to bypass traditional defences and fool users. This means the industry must focus their efforts on investing in research and development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks.”

Mimecast produces quarterly Esra reports to offer organisations insights on the rise of new types of email-borne threats and key trends in malicious email campaigns. 

PERSONAL FINANCE