June 6, 2017, Watertown, MA – Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today announced the most recent quarterly release of the Mimecast Email Security Risk Assessment (ESRA), a test which measures the effectiveness of email security systems currently in use by thousands of organizations globally. In its second quarterly assessment, Mimecast found that both known and unknown attacks, as well as spam, are continuing to get through incumbent email security systems. In addition and of particular concern, are emails that contain no malware, and instead rely on duping recipients into responding to a request that usually involves sending the attacker money or highly monetizable data. These points were addressed in a January 2017 commissioned Forrester Consulting study titled, Closing the Cloud Security Email Gap, which recommended that organizations engage with a trusted third-party security vendor to more effectively close the gap with their email security.
In comparison to the data initially reported in the February 2017 ESRA, the number of impersonation attacks detected this quarter rose more than 400 percent quarter over quarter. Impersonation attacks consist of social engineering heavy emails that attempt to impersonate a trusted party such as a C-level executive, employee or business partner. This simple method of attack is being exploited at an alarming rate as it can be used to dupe recipients into initiating wire-transfers and sending back other sensitive data leading to significant financial loss – as evidenced by widely publicized recent attacks. In fact, a public service announcementissued by the Federal Bureau of Investigation (FBI) stated that between October 2013 and December 2016 business email compromise scams resulted in a total loss of more than $5.3 billion US dollars. Between January 2015 and December 2016 alone, there was a 2,370% increase in identified exposed losses.
This latest ESRA reflects findings from inspecting the inbound email for more than 44,000 users over a cumulative 287 days received by participating organizations. In aggregate to date more than 40 million emails have been inspected by Mimecast, all of which had already passed through the incumbent email security vendor or cloud email service in use by each organization. The ESRA test uncovered almost 9 million pieces of spam, 8,318 dangerous file types, 1,669 known and 487 unknown malware attachments and 8,605 impersonation attacks. The data reinforces the concerning reality that the industry must work towards a higher standard of email security, as 90 percent of attacks start with email. In general, organizations everywhere are struggling with prolific ransomware attacks, like Locky.
“Cybercriminals are constantly adapting their attack methods. For instance, this latest ESRA analysis reflects how impersonation attacks are getting through existing email security defenses at an alarming rate. If a CISO isn’t reviewing its current email security solution on a 12-18 month basis, they may be surprised at what threats are now getting into employees’ inboxes,” said Ed Jennings, chief operating officer at Mimecast. “At the same time, email security providers need to ensure they’re doing their due diligence to protect customers from new attacks, whether they be advanced or simple. The Mimecast ESRA results show a clear need for the security industry to come together in the fight against email-borne threats.”
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|_GRECAPTCHA||5 months 27 days||This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.|
|cookielawinfo-checkbox-advertisement||1 year||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".|
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
|bcookie||2 years||This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.|
|lang||session||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.|
|lidc||1 day||This cookie is set by LinkedIn and used for routing.|
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
|YSC||session||This cookies is set by Youtube and is used to track the views of embedded videos.|
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
|_ga||2 years||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.|
|_gat_gtag_UA_116473530_1||1 minute||This cookie is set by Google and is used to distinguish users.|
|_gat_UA-116473530-1||1 minute||This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.|
|_gid||1 day||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.|
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
|bscookie||2 years||This cookie is a browser ID cookie set by Linked share Buttons and ad tags.|
|IDE||1 year 24 days||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.|
|test_cookie||15 minutes||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.|
|VISITOR_INFO1_LIVE||5 months 27 days||This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.|
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
|AnalyticsSyncHistory||1 month||No description|
|CONSENT||16 years 7 months 5 days 13 hours||No description|
|li_gc||2 years||No description|
|prism_476809757||1 month||No description|
|UserMatchHistory||1 month||Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.|