Sunday Times

Local duo reap reward of well-timed defence against scam


A small announcement by the FBI last year, headed “Business e-mail compromise”, was part of a perfect storm that led to stellar results released this week by e-mail security company Mimecast.

Founded by South Africans Peter Bauer and Neil Murray and quietly listed on the Nasdaq exchange last year, Mimecast announced revenue of $36.9-million (about R583-million) for the past quarter, up 27% on the previous quarter.

It helps that its cloud-based approach to e-mail management and security has been picked up by 1 800 new corporate customers in the past quarter, taking the client base to more than 18 000 businesses. A new operations chief and beefed-up sales team also contributed.

But the FBI memo could have been specifically designed for Mimecast: it declared that business e-mail compromise, which it defined as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments”, used highly personalised e-mail to defraud 8 179 victims last year. The FBI put the global losses at $1.2-billion — money willingly transferred by businesses under the mistaken assumption the transfers were legitimate.

“Victims report being contacted by fraudsters, who typically identify themselves as lawyers or representatives of law firms and claim to be handling confidential or time-sensitive matters,” the FBI said. “This contact may be made via either phone or e-mail. Victims may be pressured by the fraudster to act quickly or secretly in handling the transfer of funds. This type of . . . scam may occur at the end of the business day or work week or be timed to coincide with the close of business of international financial institutions.”

Meanwhile, Mimecast had released the ideal protection: a product called Impersonation Protect. Part of Mimecast’s Targeted Threat Protection range, it is the first to tackle the e-mail scam, which is also known in the industry as whaling.

Such attacks bypass traditional security as there is no malware to detect. Instead, they use “social engineering” to target individuals responsible for finances.

“About 12 to 18 months ago we started seeing a real uptick in these e-mails being sent by attackers, and they are extremely targeted,” Bauer told Business Times this week. “The attackers will have done a fair amount of research through LinkedIn to understand the organisation’s structure, and maybe even got their hands on other e-mails sent by the organisation, to get a sense of mail structure.

“So they can pull off a very authentic-looking piece of communication . . . The attack is not a ‘spray and pray’ thing; it’s to lure the recipient into a bit of dialogue to make it seem authentic.”

Mimecast collected a batch of these mails and looked for reliable ways of detecting them, creating an algorithm that identified indicators of risk and impersonation.

“No one thing is a silver bullet, but when you combine the indicators and the contents of the message, you can assemble a risk score that is pretty reliable in detecting impersonating activity,” said Bauer.

The result? Sales of Targeted Threat Protection rocketed, with more than 1 000 companies buying it as new customers, and 19% of all clients now using it.

With board-level decision-makers under increasing pressure to explain what they are doing about cyber security risk, Mimecast can probably expect a lot more companies to come knocking on its well-defended door.

Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow @art2gee on Twitter and Instagram
