Return to sender
Giulio Magni, security specialist, Mimecast MEA says protecting email should be at the heart of every IT security strategy
Email, arguably the most crucial of all organisations online applications, is also the greatest conduit for malware.
It is estimated that over 90% of cyberattacks take place through email, making it a critical attack vector to secure, notes Giulio Magni, security specialist, Mimecast MEA.
Businesses around the world are losing millions due to phishing attacks and with new threats evolving, like spear phishing and whaling and with the increase of ransomware attacks, the amount is increasing on a daily basis, notes Magni. According to research, the average company goes 229 days before realizing it’s been breached. By this time, cybercriminals could have extracted important or highly sensitive data, introduced malware or ransomware into its environment or even launched a whaling attack resulting in direct financial loss and impact to reputation, Magni says.
Mimecast is an international company specialising in cloud-based email management for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail
According to some recent research Mimecast conducted, 55% of organisations have seen an increase in the volume of whaling attacks over the last three months with domain-spoofing being the most popular attack type (70%). Most whaling attacks pretend to be the CEO (72%), while 35% had seen whaling emails attributed to the CFO.
Mimecast has evolved a novel approach to handling email threats and security.
Mimecast makes use of a single integrated platform which enables the company to evolve its products constantly to counteract the evolving world of cybercrime, says Magni. “Our layered security tools makes use of best-of-breed technology and is adaptive in response to new threats safeguarding our customers before they are impacted and help to defend organisations and users from attacks,” he adds.
Mimecast was born as a cloud service and as a result has more than a decade of experience in designing services to secure emails in the cloud. Magni says this is a key aspect when you consider that most other cloud services today are LAN-based technologies that have been hosted in order to be cloud-ready.
Ransomware has re-emerged as one of the greatest facing organisations.
Ransomware is often introduced to the network via malicious emails, either from opening an attachment imbedded with malware or by clicking on a hyperlink in the spam email and being directed to an infected website.
Mimecast’s Targeted Threat Protection is a suite of security products and includes URL Protect, Attachment Protect and most recently, Impersonation Protect. URL Protect screens each hyperlink when clicked, enabling Mimecast solutions to analyse the destination of the hyperlink and determine whether the site it directs to is malicious, Magni explains. Often emails coming into organisations are screened on arrival, but sites may be compromised at a later stage making the real-time scanning of the destination on-click very important. “With Attachment Protect, email attachments are delivered in a safe file format to offset any malicious coding within the original attachment. We also make use of an ‘on demand’ sandbox thereby reducing any latency to email flow caused by traffic through the sandbox,” Magni explains.
Whaling, or impersonation attacks, is a recent evolution in cybercrime and targets high level executives within organisations. Mimecast’s Impersonation Protect checks all emails against a specific set of criteria to determine whether a whaling threat is likely and then flags this danger to the recipient.
Additionally Mimecast offers an approach to ransomware via its integrated Continuity Service allowing organisations to restore their systems and information when ransomware attacks occur, Magni says.
To support the implementation of advanced security software, Mimecast also advocates the building of the ‘Human Firewall’ through increased, real-time user awareness notifications; backed by administrator alerting. “This educational layer encourages all users in an organisation to interrogate their inbox and take necessary steps to protect themselves and their organisation from a cyberattack,” Magni says.
The Middle East, an attractive target of cyber criminals of all stripes, is a ripe market for security solutions as those offered by Mimecast.
According to a recent report, the Middle Eastern region has digitised at a rapid rate over the past two years and is expected to add as much as $820 billion to regional GDP by 2020. With this comes an increase in cyber threats which is already effecting businesses in the region, Magni warns.
Recent examples include a breach in the security of one of the region’s major oil and gas companies by means of a malicious virus, as well as an attack on two Middle East banks which resulted in a direct financial loss of $45 million in a few hours. “These are just two incidents but there are many more,” says Magni. “We have seen a definite increase in the demand for our security services and have subsequently decided to invest in an office in Dubai. This will allow us to first service our growing customer base in the region, as well as to take advantage of the vast and growing opportunity around cyber security,” Magni says.