Mimecast flags spike in business email compromise attacks

Email security vendor claims BEC attacks nearly trebled in latest quarter

Business email compromise (BEC) attacks have seen a "significant increase", Mimecast has warned.

In its quarterly Email Security Risk Assessment (ESRA) report, the email security vendor noted that there had been a 269 per cent spike in BEC attacks compared with the previous quarter.

BEC attacks are also known as email-based impersonation fraud, and their increase is due to their ability to evade many traditional email security systems worldwide.

Other research by Mimecast found that 85 per cent of the 1,025 respondents experienced an impersonation attack in 2018, with 73 per cent of those experiencing a direct business impact, such as data, financial or customer loss.

The ESRA also found a spike in other forms of attack, such as emails containing dangerous file types, malware attachments and spam, getting past incumbent email security systems and being delivered to users' inboxes.

The report found nearly 29 million spam emails, 28,808 malware attachments and 28,726 dangerous file types were all missed by incumbent providers and delivered to users' inboxes, an overall false-negative rate of 11 per cent of inspected emails.

The results from the report are indicative of the need for the entire industry to work together to build a higher standard of email security, according to Mimecast.

"This ESRA report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands of email-borne threats successfully able to bypass the email security systems that organisations have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails," stated Joshua Douglas, vice president of threat intelligence at Mimecast.

"Cybercriminals will always look for new ways to bypass traditional defences and fool users.

"This means the industry must focus their efforts on investing in research and development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks."

Tom Corrigan, UK channel director for Mimecast, said that the "human paradigm" will always be at the centre of security threats.

"If that human paradigm caused the next ransomware outbreak or if it was more nefarious and led to an insider threat situation, it requires our channel community to be capable of positioning the benefits of a user awareness programme, creating a human firewall, on top of layered security technologies and mitigation tools that come together to minimise the impact of human error and to make a company more resilient," he said.