The latest Email Security Risk Assessment (ESRA) has been made available by Mimecast, an email and email security provider. The Mimecast ESRA is a quarterly report of tests used to measure the effectiveness of email security systems used in businesses around the world.
Organisations can use the report’s statistics and findings to better understand the threats that their email systems may face. As part of the assessment, more than 142 million emails that passed through organisations’ email systems were inspected. The inspection found 203,000 malicious links within over 10 million emails that had been deemed safe by various security systems.
The report also found that impersonation attacks had increased by 80% since last quarter’s report, with over 41,000 caught. Almost 20 million spam emails, 13,000 dangerous emails and 15,000 malware attachments were also missed by email security systems.
These results are staggering, and organisations need to improve their strategies for combating email-borne threats. Many organisations do not prioritise email security enough, and are greatly at risk of social-engineering attacks such as impersonation and malware attacks through spam or malicious attachments.
The report suggests that organisations enhance their email security through a multi-layered approach that includes a third-party service provider. Third-party providers are often overlooked by organisations that prefer to build their own internal email infrastructure, but such organisations often don’t foresee the amount of work required to maintain a secure, up-to-date email security system.
“Targeted malware, heavily socially-engineered impersonation attacks, and phishing threats are still reaching employee inboxes. This leaves organisations at risk of a data breach and financial loss,” said Matthew Gardiner, cybersecurity strategist at Mimecast. “Our latest quarterly analysis saw a continued attacker focus on impersonation attacks quarter-on-quarter. These are difficult attacks to identify without specialised security capabilities, and this testing shows that commonly used systems aren’t doing a good job of catching them.”
We recommend searching for an email security provider that best suits your organisation and is actively focusing on social-engineering attacks.