Nearly a third of emails landing in the inboxes of G Suite, Office 365 and other cloud services are 'unsafe', according to security provider.
Something you often hear from security specialists is the need for layered protection, or defence in depth. The idea is that if an attack gets past one layer, others may be able to block it.
Email security provider Mimecast runs quarterly tests involving more than 62,000 users to find out how much “unsafe” email (spam, malicious attachments, impersonation attacks and so on) reaches addressees' inboxes despite the filtering performed by prominent cloud email services including G Suite and Office 365.
In February, Mimecast said the false negative rate (unsafe messages allowed through) was 13.2 percent. That figure grew to 31 percent in the latest tests – nearly a third of messages getting through mail providers filters are unwanted in one way or another.
The good news is that the overwhelming bulk of those false positives are spam. More than 10.8 million pieces of spam were delivered by the email providers but detected by Mimecast, along with 2281 pieces of malware and 9,677 impersonation emails.
Another 8,682 messages had “dangerous file type” attachments. These are filetypes that aren't commonly used (unlike .doc or .pdf, for instance) but can be employed to exploit systems. Examples include .bat, .hlp, .jar, .reg, .sh and .vbs.
“To achieve a comprehensive cyber resilience strategy, organisations need to first assess the actual capabilities of their current email security solution. Then, they should ensure there’s a plan in place that covers advanced security, data management and business continuity, as well as awareness training to the end user, which combined help prevent attacks and mitigate business impact,” said Mimecast COO Ed Jennings.
“These quarterly Mimecast ESRA [Email Security Risk Assessment] reports highlight the need for the entire industry to work toward a higher standard of email security.”
As well as Mimecast, other mail filtering services include MailGuard and MailSentry.