Small businesses remain unaware of the dangers email threats can pose

Thousands of targeted attacks detected amongst small businesses, including 421 email threats with unknown malware attachments.

Mimecast Limited today announces the launch of the Mimecast Email Security Risk Assessment (ESRA), an analysis report measuring the effectiveness of email security systems. This effort highlights the need to push the entire industry to work toward a higher standard of email threats security.

The report shows that millions of email attacks ranging from opportunistic spam to highly-targeted impersonation attacks are getting through incumbent email security systems costing organisations a lot of time and money to clean up.

Many organisations think their current email security systems are up to the task of protecting them. However, if an organisation hasn’t reviewed its approach to email threats security within the last 18 months, it is likely vulnerable to attack. The Mimecast ESRA testing to date has covered 23,744 email users over a cumulative 153 days of inbound email received into the organisations participating in the testing.

This first report compiled the results of all assessments performed, in which more than 26 million emails were inspected by the Mimecast service. These emails had all passed through the incumbent email security vendor or cloud email service in use by each organisations.

However, Mimecast found millions of missed email threats had gotten through these incumbent security systems. It uncovered almost 3.5 million pieces of spam, 6,681 dangerous file types, 1,207 known and 421 unknown malware attachments and 1,697 impersonation attacks.

To complement this hands-on testing, Mimecast conducted research with Vanson Bourne on the state of organisations’ cybersecurity, their expectations and needs and what attacks they’ve seen increase. Findings were based on responses received from 800 IT decision makers and C-level executives globally.

Not surprisingly, and consistent with the results of the Mimecast ESRA report, advanced attacks were reported to be on the rise. For example, forty-five per cent of respondents reported an increase in malicious macros within attachments.

Not only that, but 64 per cent of organisations believe they will suffer a negative business impact from cybercriminals in 2017, while 56 per cent think malicious emails threats or URLs will be the likely attack vector.

‘It’s easy to assume that your email security solution is protecting you from advanced attacks. If you don’t have visibility into what’s actually getting delivered to the inboxes of employees, why would you think otherwise? We launched ESRA at the request of organisations who wanted an easy way to assess the risks and to see a greater level of detail to help understand the impact to their business,’ says Ed Jennings, chief operating officer at Mimecast.

‘As we’ve shared the findings with CISOs globally, they’ve been taken aback by the volume and type of attacks getting through their current email security solutions. The visibility this assessment offers is actionable, and is being used to reprioritise their current email security strategies. By launching the Mimecast ESRA, we are helping to establish the new standard of transparency for organisations while at the same time helping to raise the bar for the industry.’