Out of 45m emails 25% are ‘un­safe’

Kuwait Times - - TECHNOLOGY -

Mime­cast Lim­ited (NAS­DAQ: MIME), a lead­ing email and data se­cu­rity com­pany, yes­ter­day an­nounced the re­sults of its third quar­terly Email Se­cu­rity Risk As­sess­ment (ESRA),a re­port of the re­sults of tests which mea­sure the ef­fec­tive­ness of in­cum­bent email se­cu­rity sys­tems. This quar­ter’s as­sess­ment noted a con­tin­ued chal­lenge of se­cur­ing or­ga­ni­za­tions from ma­li­cious at­tach­ments, dan­ger­ous files types, im­per­son­ation at­tacks, as well as spam - with nearly a quar­ter of “un­safe” email be­ing de­liv­ered to users’ in­boxes.

Among the email se­cu­rity ser­vices as­sessed, the tests found that us­ing Mime­cast in con­junc­tion with prom­i­nent cloud-based email ser­vice providers, in­clud­ing Google G Suite and Mi­crosoft Of­fice 365, would sub­stan­tially im­prove re­sults by block­ing thou­sands more email­borne at­tacks. The re­port in­di­cates the need for or­ga­ni­za­tions to en­hance their cy­ber re­silience strate­gies for email with a multi-lay­ered ap­proach that in­cludes a third-party se­cu­rity ser­vice provider.

“To achieve a com­pre­hen­sive cy­ber re­silience strat­egy, or­ga­ni­za­tions need to first as­sess the ac­tual ca­pa­bil­i­ties of their cur­rent email se­cu­rity so­lu­tion. Then, they should en­sure there’s a plan in place that cov­ers ad­vanced se­cu­rity, data man­age­ment and busi­ness con­ti­nu­ity, as well as aware­ness train­ing to the end user, which com­bined help pre­vent at­tacks and mit­i­gate busi­ness im­pact,” said Ed Jennings, chief op­er­at­ing of­fi­cer at Mime­cast. “These quar­terly Mime­cast ESRA re­ports high­light the need for the en­tire in­dus­try to work to­ward a higher stan­dard of email se­cu­rity.”

Mal­ware at­tach­ments on the rise

The risks to email re­main whether de­liv­ered to a cloud­based, on-premises, or to a hy­brid email en­vi­ron­ment. Email re­mains the top at­tack vec­tor for de­liv­er­ing se­cu­rity threats such as ran­somware, im­per­son­ation, and ma­li­cious files or URLs. At­tack­ers mo­tives in­clude cre­den­tial theft, ex­tract­ing a ran­som, de­fraud­ing vic­tims of cor­po­rate data and funds and in sev­eral re­cent cases, sab­o­tage with data be­ing per­ma­nently de­stroyed. To date, Mime­cast’s ESRA re­ports have in­spected the in­bound email re­ceived for 62,323 email users over a cu­mu­la­tive 428 days. More than 45 mil­lion emails were in­spected, all of which had passed through the in­cum­bent email se­cu­rity sys­tem in use by each or­ga­ni­za­tion - of this, 31 per­cent were deemed “un­safe” by Mime­cast. These as­sess­ments have un­cov­ered more than10.8 mil­lion pieces of spam, 8,682 dan­ger­ous file types, 1,778 known and 503 un­known mal­ware at­tach­ments and 9,677 im­per­son­ation emails to date.

Com­mon threats

When the data was sliced by in­cum­bent email se­cu­rity ven­dor the re­port found that even some of the top email cloud play­ers were miss­ing com­monly found ad­vanced se­cu­rity threats, high­light­ing the need for a multi-lay­ered ap­proach to email se­cu­rity. No­tably these cloud ven­dors are leav­ing or­ga­ni­za­tions vul­ner­a­ble by miss­ing mil­lions of spam emails and thou­sands of threats and al­low­ing them to be de­liv­ered to the users’ email in­boxes. Many or­ga­ni­za­tions have a false sense of se­cu­rity be­liev­ing that a sin­gle cloud email ven­dor can pro­vide the ap­pro­pri­ate se­cu­rity mea­sures to en­sure pro­tec­tion from email threats. This quar­terly ESRA re­port strongly in­di­cates the need for or­ga­ni­za­tions to con­sider third party email se­cu­rity ser­vices to more ef­fec­tively se­cure their email and in­crease their over­all cy­ber re­silience.

Late last year, Mime­cast com­mis­sioned For­rester Con­sult­ing to eval­u­ate driv­ers of cloud-based email adop­tion and to eval­u­ate their re­lated busi­ness con­cerns and ex­pec­ta­tions. The re­port, ti­tled Clos­ing The Cloud Email Se­cu­rity Gap, re­vealed that only 5 per­cent of re­spon­dents are very con­fi­dent in the over­all se­cu­rity ca­pa­bil­i­ties of their cho­sen email cloud provider. In fact, 44 per­cent of re­spon­dents said they would re­view the se­cu­rity im­pli­ca­tions of their cloud provider more thor­oughly if they were to de­ploy a cloud-based email plat­form again. In this re­port, For­rester Con­sult­ing rec­om­mended that to en­hance their cy­ber re­silience, these or­ga­ni­za­tions should lever­age a third­party se­cu­rity ser­vices provider to de­fend against all forms of email­borne threats.

Ed Jennings

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.