Top
Cloud Email Service Providers Leaving Holes in Security, Driving Need for
Third-Party Email Security Services
Dubai, UAE, July 27, 2017– Mimecast
Limited (NASDAQ: MIME), a
leading email and data security company, today announced the results of its
third quarterly Email Security Risk Assessment (ESRA), a report of the
results of tests which measure the effectiveness of incumbent email security
systems. This quarter’s assessment noted a continued challenge of securing
organizations from malicious attachments, dangerous files types, impersonation
attacks, as well as spam – with nearly a quarter of “unsafe” email being
delivered to users’ inboxes. Among the email security services assessed, the
tests found that using Mimecast in conjunction with prominent cloud-based email
service providers, including Google G Suite and Microsoft Office 365, would
substantially improve results by blocking thousands more email-borne attacks. The
report indicates the need for organizations to enhance their cyber
resilience strategies for email with a multi-layered approach that
includes a third-party security service provider.
“To achieve
a comprehensive cyber resilience strategy, organizations need to first assess
the actual capabilities of their current email security solution. Then, they
should ensure there’s a plan in place that covers advanced security, data
management and business continuity, as well as awareness training to the end
user, which combined help prevent attacks and mitigate business impact,” said Ed
Jennings, chief operating officer at Mimecast. “These quarterly Mimecast
ESRA reports highlight the need for the entire industry to work toward a higher
standard of email security.”
Malware Attachments, Impersonation Attacks and
Dangerous File Types Still on the Rise
The risks
to email remain whether delivered to a cloud-based, on-premises, or to a
hybrid email environment. Email remains the top attack vector for delivering
security threats such as ransomware, impersonation, and malicious files or
URLs. Attackers motives include credential theft, extracting a ransom,
defrauding victims of corporate data and funds and in several recent cases,
sabotage with data being permanently destroyed. To
date, Mimecast’s ESRA reports have inspected the inbound email received for 62,323
email users over a cumulative 428 days. More than 45 million emails were inspected,
all of which had passed through the incumbent email security system in use by
each organization – of this, 31 percent were deemed “unsafe” by Mimecast. These
assessments have uncovered more than 10.8 million pieces of spam, 8,682
dangerous file types, 1,778 known and 503 unknown malware attachments
and 9,677 impersonation emails to date.
Top Cloud Email Service Providers Missing Advanced,
But Very Common Threats
When the data
was sliced by incumbent email security vendor the report found that even some
of the top email cloud players were missing commonly found advanced security
threats, highlighting the need for a multi-layered approach to email security.
Notably these cloud vendors are leaving organizations vulnerable by missing millions
of spam emails and thousands of threats and allowing them to be delivered to
the users’ email inboxes. Many organizations have a false sense of security believing
that a single cloud email vendor can provide the appropriate security measures
to ensure protection from email threats. This quarterly ESRA report strongly indicates
the need for organizations to consider third party email security services to
more effectively secure their email and increase their overall cyber
resilience.
Late last
year, Mimecast commissioned Forrester Consulting to evaluate drivers
of cloud-based email adoption and to evaluate their related business concerns
and expectations. The report, titled Closing
The Cloud Email Security Gap, revealed that only 5% of respondents are very
confident in the overall security capabilities of their chosen email cloud
provider. In fact, 44% of respondents said they would review the security
implications of their cloud provider more thoroughly if they were to deploy a
cloud-based email platform again. In this report, Forrester Consulting
recommended that to enhance their cyber resilience, these organizations should leverage
a third-party security services provider to defend against all forms of
email-borne threats.