20% of Risky Emails Bypass Email Security

Far too many risky emails are infiltrating email security solutions, according to a report released Tuesday by Mimecast.

The email and data security company released its second quarterly report on the effectiveness of email security systems, the Mimecast Email Security Risk Assessment (ESRA), based on a study of more than 44,000 users. The results are bleak, depicting how risky and potentially malicious emails continue to infiltrate security solutions.

As much as 9 out of 40 million emails analyzed by Mimecast, all of which passed through an email security vendor or cloud email service, were determined to have the potential for risk. The majority of these emails were spam, but a smaller amount of more dangerous emails also bypassed security, and it only takes one to cause irreversible harm.

More than 8,300 emails examined by Mimecast contained dangerous file attachments, while 1,669 contained known malware and 8,605 were impersonation attacks.

Impersonation attacks, or social engineering scams, are when a cybercriminal attempts to impersonate a trusted individual, like a company CEO, to obtain confidential information from duped employees. These types of scams have risen 400% since the release of Mimecast’s February ESRA report.

Phishing is now the primary entry method for cybercriminals seeking to access organizations according to a recent report from Symantec.  

It’s also a preferred method of the Russian military according to a leaked NSA document published Monday by The Intercept. The report describes how the Russian military used email phishing to target United States agencies and services in the lead-up to the 2016 Presidential election.

Hackers attempted to spear-phish a private company in the United States to access information on voting-related technology, as well as targeting government agencies to impede requests for absentee ballots. 

Next story loading loading..