In its latest Email Security Risk Assessment (ESRA), Mimecast found that incumbent email security systems inaccurately deemed nearly 17,000 dangerous files “safe” this quarter. Email scams have been on the rise, which is partly what prompted Mimecast to dig into the efficacy of Office 365 and other widely used email security systems so that organizations can better understand their risk.
According to a recent survey also conducted by Mimecast, nearly 70% of employees are using company-issued devices for non-work activities, which presents an increased likelihood that users can fall victim to one of these malicious scams with dangerous files and malicious URLs while online shopping at work.
The ESRA also found that more than 21 million spam emails were missed by email security providers. Instead of being blocked they were delivered to users’ inboxes. Add to that massive oversight the fact that in excess of 205,000 malicious URLs were missed by incumbent providers, and it’s no surprise why the efficacy of email security systems needs to be measured.
In addition, providers missed more than 42,350 impersonation attempts, which were also delivered to users’ inboxes, along with an more than 17,500 undetected malware attachments that landed in inboxes.
“Mimecast has seen an increase in security efficacy versus legacy vendors along with detailed information on the proliferation of threats of all types. The ESRA provides deep insights for our customers on the types of attacks threatening their business,” said Lindsay Jack, security service director at Mimecast, in a press release.
“Attacks we are seeing include key executives being targeted with cloud storage services exploits, impersonation attacks targeting legal, finance and administrative assistance, as well as social engineering attacks against the C-suite. Mimecast helps organizations understand how they compare with other organizations in their geography or industry vertical. Additionally, these reports provide insights on the rise of new types of malware and key trends in malicious email campaigns.”
The last quarter saw a surge in emails containing dangerous file types, according to Matthew Gardiner, cybersecurity strategist at Mimecast, who said that cyber-criminals continue to adapt their email-based attacks, seeking ways to evade detection and bypass security solutions that rely on reputation-based detection or file signature matches.
“Mimecast uses multiple layers and types of detection engines, combined with high-performance analytics, a diverse set of threat intelligence sources, and computer-aided human analysis to identify and stop unsafe emails from getting into our customers’ inboxes,” Gardiner said.