Complex Made Simple

WARNING: Your email security software is putting you at risk

A new report, which sheds light upon the effectiveness of incumbent email security systems, has urged organisations to enhance their cyber resilience strategies for email by using a multi-layered approach that includes a third-party security service provider.

This follows the shocking results of the study, carried out by the US-based email and data security company Mimecast Limited, which found that more than a quarter of “unsafe” emails get through security systems and are being delivered to users’ inboxes.

Alarm bells

The Mimecast study, Email Security Risk Assessment (ESRA), inspected more than 45 million emails that had passed through the incumbent email security system in use by each organisation. It discovered that an alarming 31 per cent of those were spam or impersonation attacks, or carried malicious attachments or dangerous file types.

There were more than 10.8m pieces of spam, 8,682 dangerous file types, 1,778 known and 503 unknown malware attachments, and 9,677 impersonation emails in the inbound emails received by 62,323 users over 428 days.

“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Ed Jennings, chief operating officer at Mimecast.

Missing threats

Jennings goes on to add that even some of the top email cloud providers were missing commonly found advanced security threats.

“Notably, these cloud vendors are leaving organisations vulnerable by missing millions of spam emails and thousands of threats and allowing them to be delivered to the users’ email inboxes. Many organisations have a false sense of security believing that a single cloud email vendor can provide the appropriate security measures to ensure protection from email threats.”