New study explains how cyber criminals are targeting human error to rip off businesses.
Business phishing emails have increased by 400% over the last quarter, according to a study by security company Mimecast.
The study of 44,000 business users' inbound email found that these attacks, in which cyber criminals impersonate C-level executives, business partners, or employees, are being carried out at an alarming rate. The aim is to dupe recipients into initiating wire transfers and sending back other sensitive data that could lead to a significant financial loss.
The Mimecast Email Security Risk Assessment (ESRA) measured the effectiveness of email security systems currently in use by thousands of organisations worldwide, and its second quarterly assessment, released today, found that spam and various attacks continue to get through incumbent email security systems.
It also uncovered almost nine million pieces of spam, 8,318 dangerous file types, 1,669 known and 487 unknown malware attachments and 8,605 impersonation attacks.
The firm said this data “reinforces the concerning reality that the industry must work towards a higher standard of email security, as 90% of attacks start with email. In general, organisations everywhere are struggling with prolific ransomware attacks, like Locky [ransomware].”
“Cyber criminals are constantly adapting their attack methods. For instance, this latest ESRA analysis reflects how impersonation attacks are getting through existing email security defences at an alarming rate. If [an information security executive] isn’t reviewing its current email security solution on a 12 to 18-month basis, they may be surprised at what threats are now getting into employees’ inboxes,” said Ed Jennings, chief operating officer at Mimecast.
“At the same time, email security providers need to ensure they’re doing their due diligence to protect customers from new attacks, whether they be advanced or simple. The Mimecast ESRA results show a clear need for the security industry to come together in the fight against email-borne threats.”