There’s been a significant increase in email-based impersonation attacks worldwide over the last three months, highlighting an urgent need for businesses to work towards a higher standard of email security.
Email and data security company Mimecast has released its latest quarterly Email Security Risk Assessment, which found email-based impersonations, also known as business email compromise (BEC) attacks, had increased by 269 per cent compared with the previous quarter.
BEC attacks include emails that contain dangerous file types, malware attachments and spam.
This type of attack is an issue “that is not going away because these attacks can easily evade many traditional email security systems on a global scale”, the security company said.
The trend concurs with another piece of recent research, the State of Email Security 2019 report, which had found that 85 per cent of 1,025 global respondents had experienced an impersonation attack in 2018, with 73 per cent of those victims having experienced a direct impact on their business, whether that was financial, data or customer-based.
“The rise in BEC attacks underscores the need for organisations to add protection against well-resourced attackers,” Mimecast said, while also flagging other successful methods of attack by cyber criminals.
It highlighted that 28,783,892 spam emails, 60,495 impersonation attacks, 28,808 malware attachments and 28,726 dangerous file types were all missed by incumbent providers and delivered to users’ inboxes in the quarter, an overall false negative rate of 11 per cent of inspected emails.
The results from the report demonstrate the need for the entire industry to continue to work towards a higher standard of email security, a statement urged.
Joshua Douglas, the vice-president of threat intelligence at Mimecast, has weighed in on the findings, saying: “This ESRA report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands of email-borne threats successfully able to bypass the email security systems that organisations have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails.
“Cyber criminals will always look for new ways to bypass traditional defences and fool users.
“This means the industry must focus its efforts on investing in research and development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks.”