|13 October, 2019

New report finds staggering increase in Business Email Compromise attacks

New Mimecast ESRA Report Finds Millions of Spam, Tens of Thousands of BEC or Impersonation Attacks, Dangerous File Types and Malware Attachments being Delivered to Users' Inboxes

Josh Douglas, vice president of threat intelligence at Mimecast.

Josh Douglas, vice president of threat intelligence at Mimecast.

Dubai, United Arab Emirates: Mimecast (NASDAQ: MIME), a leading email and data security company, announced the availability of its latest Email Security Risk Assessment (ESRA). The quarterly assessment is an aggregated report of tests that measure the efficacy of widely used email security systems.[1] This quarter’s ESRA report found a significant increase in Business Email Compromise (BEC) attacks, emails containing dangerous file types, malware attachments and spam being delivered to users’ inboxes from incumbent email security systems.

BEC attacks, also referred to as email-based impersonation fraud, is an issue that is not going away because these attacks can easily evade many traditional email security systems on a global scale. The latest ESRA found a 269% increase in these types of attacks, in comparison to the same findings in last quarter’s report. This trend was also reflected in recent research, the State of Email Security 2019 report, which found that 85% of the 1,025 global respondents experienced an impersonation attack in 2018, with 73% of those victims having experienced a direct business impact – like financial, data or customer loss.

The rise in BEC attacks underscores the need for organizations to add protection against well-resourced attackers.  A 2019 Osterman Research Report titled “Ten Questions to Ask About Your Office 365 Deployment”, concluded Microsoft Office 365 alone, “will not fully meet many organizations’ requirements.” Today, close to half of Mimecast customers bolster the cyber resilience of their Microsoft Office 365 deployments with services including, Targeted Threat Protection to defend against bad actors and BEC attacks.

BEC attacks are not the only method cybercriminals have been successfully leveraging to target organizations. The ESRA report found 28,783,892 spam emails, 28,808 malware attachments and 28,726 dangerous files types were all missed by incumbent providers and delivered to users’ inboxes, an overall false negative rate of 11% of inspected emails. The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

“This ESRA report pointed out that impersonation attacks continue to menace all types of organizations, but I think the real issue is that there are tens of thousands email-borne threats successfully able to bypass the email security systems that organizations’ have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, vice president of threat intelligence at Mimecast. “Cybercriminals will always look for new ways to bypass traditional defences and fool users. This means the industry must focus their efforts on investing in research & development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks.”

Mimecast produces quarterly ESRA reports to offer organizations insights on the rise of new types of email-borne threats and key trends in malicious email campaigns.

[1] Specific security policy settings and controls of the incumbent email security system are directly managed by the individual customers of these other vendors.

© Press Release 2019

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

More From Press Releases