Mimecast Email Security Risk Assessment report finds 57 per cent of businesses in Middle East believe they will suffer as a result of cybercriminals in 2017
Leading email and data security company, Mimecast has announced the launch of the Mimecast Email Security Risk Assessment (ESRA), an analysis report measuring the effectiveness of email security systems.
This effort highlights the need to push the entire industry to work toward a higher standard of email security. The report showed that millions of email attacks ranging from opportunistic spam to highly-targeted impersonation attacks are getting through incumbent email security systems costing organizations a lot of time and money to clean up.
According to Mimecast, many organizations think their current email security systems are up to the task of protecting them. However, if an organization hasn’t reviewed its approach to email security within the last 18 months, it is likely vulnerable to attack. The Mimecast ESRA testing to date has covered 23,744 email users over a cumulative 153 days of inbound email received into the organizations participating in the testing.
This first report compiled the results of all assessments performed, in which more than 26 million emails were inspected by the Mimecast service. These emails had all passed through the incumbent email security vendor or cloud email service in use by each organization. However, Mimecast found millions of missed email threats had gotten through these incumbent security systems. Mimecast uncovered almost 3.5 million pieces of spam, 6,681 dangerous file types, 1,207 known and 421 unknown malware attachments and 1,697 impersonation attacks.
To complement this hands-on testing, Mimecast conducted research with Vanson Bourne on the state of organizations’ cybersecurity, their expectations and needs and what attacks they’ve seen increase. Findings were based on responses received from 800 IT decision makers and C-level executives globally. The Mimecast conducted Vanson Bourne research revealed that in the Middle East, 57 per cent of organisation believe they will suffer a negative business impact from cybercriminal activity in 2017. Further statistics for the Middle East reveal that around 45 per cent believe that the volume of untargeted phishing with malicious links attacks has increased, while 49 per cent believe that spear-phishing with malicious links targeted at the organization and an individual has gone up. The report revealed that email is the most likely method of ransomware infection in the Middle East and over 33 per cent of organizations in the region have admitted to an increase in ransomware attacks.
Not surprisingly, and consistent with the results of the Mimecast ESRA report, advanced attacks were reported to be on the rise. For example, forty-five percent of respondents reported an increase in malicious macros within attachments. Not only that, but 64 percent of organizations believe they will suffer a negative business impact from cybercriminals in 2017, while 56 percent think malicious emails or URLs will be the likely attack vector.
“It’s easy to assume that your email security solution is protecting you from advanced attacks. If you don’t have visibility into what’s actually getting delivered to the inboxes of employees, why would you think otherwise? We launched Mimecast ESRA at the request of organizations who wanted an easy way to assess the risks and to see a greater level of detail to help understand the impact to their business. As we’ve shared the findings with CISOs globally, they’ve been taken aback by the volume and type of attacks getting through their current email security solutions. The visibility this assessment offers is actionable, and is being used to reprioritize their current email security strategies. By launching the Mimecast ESRA, we are helping to establish the new standard of transparency for organizations while at the same time helping to raise the bar for the industry.”
Organizations need a true, comprehensive cyber resilience strategy that spans advanced security, data management and business continuity, as well as end-user empowerment to prevent attacks and mitigate business impact.