Email and data security company Mimecast Limited has released its quarterly Email Security Risk Assessment (ESRA), a report of tests that measure the effectiveness of email security systems, which has found a worrying number of malware misses.
The assessment has found that these systems missed 11,653 emails containing known malware, which should be the easiest to identify, as they are detectable by commonly deployed endpoint-based anti-virus technologies.
Additionally, the report noted a continued challenge in securing organisations against unknown malicious attachments, dangerous file types, impersonation attacks and even basic spam.
As part of the assessment, Mimecast inspected more than 95 million emails, all of which had passed through organisations’ incumbent email security vendors.
These organisations, in 20 different industries, invested millions of dollars to deploy a variety of commonly used on-premise and hybrid email security systems.
The latest report found more than 14,277,163 pieces of spam, 9,992 emails containing dangerous file types, and 849 emails with unknown malware attachments — all missed by the incumbent providers and delivered to users’ inboxes.
Most notably, 11,653 emails with known malicious attachments passed through these systems, an increase of 532 per cent in comparison with last quarter’s assessment.
Impersonation attacks also continue to be a problem for organisations, as 23,072 incidents were caught, an increase of 22 per cent quarter over quarter.
Matthew Gardiner, cyber security strategist at Mimecast, said the results highlight the need for higher standards.
“Mimecast’s ESRA is aiming to establish a standard of transparency that raises the bar for all security vendors helping organisations pinpoint weaknesses in their defences,” he said.
“Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6 per cent of the aggregate impersonation attacks while another global security vendor missed 83.4 per cent of the known malware attachments.”
Mr Gardiner warned against complacency.
“No single technique can be relied upon to stop the rapidly evolving attacks, and organisations need to ensure they also have continuity during, and automated recovery after, an attack to achieve cyber resilience for email.
“Mimecast’s multilayered security inspection system consists of more than 100 analytic techniques and threat data sources provided both by in-house development and third-party sources.”
Mimecast recently conducted global research with Vanson Bourne on the state of organisations’ cyber security, what attacks they’ve seen increase, and their level of confidence to thwart these evolving attacks.
The findings were based on responses from 800 IT decision makers and C-level executives.
Not surprisingly, organisations are forecasting a challenging future, with nearly 60 per cent of respondents saying their organisation is likely to suffer a negative business impact because of an email-borne attack in 2018.