Mimecast has released its latest Email Security Risk Assessment (ESRA) Report and it includes a lot of interesting statistics. For example, While many organisations still fear of malware being the main burden to their email cyber-resilience, the findings show only 15 percent increase in these type of email attacks compared to the last figures. As part of the ESRA program Mimecast analysed more than 55 million emails, finding that more than 9,055 contained dangerous file types and that of those 1,844 known and 691 unknown contained malware attachments. 18,971 impersonation attacks were missed by incumbent providers and delivered to users' inboxes.
Mimecast's report reveals an increased risk in impersonation attacks compared to attacks leveraging malaware which is what most people were worried about. Mimecast reported impersonation attacks, which rely on duping recipients into wiring the attacker money or highly monetisable data, rose almost 50 percent quarter over quarter. Emails with malware attachments only rose about 15 percent. Missed impersonation attacks were seen to occur more than seven times as often as missed email-borne malware.
Ed Jennings, chief operating officer at Mimecast said: “This latest ESRA report reveals that many email security providers are leaving organisations very vulnerable to these often hard to detect impersonation attacks. Cyber-criminals know that many traditional email security services are improving their ability to stop email-borne malware, but remain ineffective against impersonation attacks.”
According to PhishMe, one third of respondents see more than 500 suspicious emails a week. Yet, only 26 percent of surveyed IT executives have a dedicated inbox for suspicious emails. 90 percent of those surveyed were worried about email threats, such as spear-phishing, phishing in general or whaling. 43 percent of respondents say their phishing response ranged from “totally ineffective” to “mediocre”. 80 percent of surveyed IT execs plan to upgrade their phishing prevention and response.
Steven Malone, director of security product management at Mimecast, commented: “Fraudulent emails are increasingly tricky to spot and organisations need to help employees with role-specific behavioural conditioning and smarter email security technologies. Mimecast's email security risk assessment has shown that simple spam rules and malware-signatures will fail to catch many new attacks. Basic advice is that email attachments should be sandboxed or transcribed into safe formats while all emails originating from external sources can be clearly marked as being received from an external sender.”
Aaron Higbee, co-founder and CTO of PhishMe said: “Raise the alarm. If it looks suspicious, get the IT team to take a look, because that's the only way you can be certain that you don't fall victim to a phishing attack. This will benefit other employees too, as the IT team can advise on what scams they should look out for, as well as triggering a security investigation. What's more, as the report shows, the more users report potential phishing attacks, the less susceptible they become. In effect, by reporting potential scams you are becoming one part of a very effective human shield against the hackers.”