More than 13% of emails that should be halted by a company’s email security system arrive in their intended inbox, according to a new study released Tuesday by Mimecast.
The email security company assessed more than 26 million company emails from volunteer organizations that provided Mimecast access to their inbound emails. Mimecast was blind copied on every email that passed the initial email security system check, sent to Mimecast’s cloud-based servers, and then investigated for spam or malicious content.
Mimecast's study found that 13.2% of these emails that should have been halted passed through security undisturbed. Less than 1% of these emails contained malicious content, but just one successful email attack can be disastrous for a company or organization. While 99.7% of emails that should have been stopped by email security systems were categorized as spam, the rest contained malicious content liked malware and phishing scams.
“The reality is, the entire industry needs to work toward a higher standard of quality, protection and overall email security,” states the Mimecast Email Risk Assessment 2017 report.
6,681 emails were found to contain dangerous file types, at risk of carrying malware, while malware was in fact identified in 1,628 emails. There were 421 cases of emails containing new forms of malware that a computer’s malware-detection software would be unlikely to detect until a new software update was released.
Mimecast also identified 1,697 impersonation emails, phishing attempts that mimic real people and pretend to be sent from a legitimate source in order to access company sensitive data. These types of data breaches can be incredibly costly, impacting a brand’s time, resources, value and reputation.
The data comes on the heels of Mimecast’s launch of a new email security solution on Monday to protect against these type of social engineering threats. Unveiled at the RSA Conference, Mimecast Internal Email Protect solution aims to eliminate email threats that start from an internal email source, such as whaling attempts. The security product is an add-on subscription to Mimecast’s Targeted Threat Protection (TTP) platform.