Mimecast flags hidden threats in email

Increased dependence on cloud-based email compound security risks

Tags: Cyber crimeMimecast (mimecast.com/)
  • E-Mail
Mimecast flags hidden threats in email The key to successfully securing enterprise email data is to take a multi-layered approach towards security, Ogden says.
By  David Ndichu Published  June 30, 2018

The use of cloud-based email services, particularly Microsoft Office 365, is massive, and adoption is accelerating. However, the concentration of corporate mailboxes and operational dependency on the Microsoft environment exposes many vulnerabilities.

Email can be a powerful business tool; in fact, it’s the number one business application used by companies, observes Jeff Ogden, general manager, Mimecast Middle East. But if it isn’t part of an organisation’s core security strategy, it can become a major vulnerability. “Email is the number-one vector used to execute cyber attacks such as malware delivery, phishing, Business Email Compromise, and for spreading threats that are already internal to organisations,” Ogden warns.

There’s a clear rise in sophisticated and targeted attacks via email, Ogden notes. The email attack evolution began with spam, viruses, and malware. Next came attacks via URL links within emails, and then within documents. And in the past two years, there’s been a huge rise in impersonation attacks using social engineering. Insider threats are also gaining traction with employees who inadvertently send bad links or attachments from their personal email accounts more common than ever. Add that to the increase in supply chain attacks coming in from the so-called “trusted” third parties.

“Organisations are battling to stay ahead of today’s adversaries and despite significant investments in security technology and threat intelligence, hackers have formed communities and share ideas and pursuits, so they’re always one step ahead. As a result, organisations need to implement cyber resilience strategies for email, with comprehensive security controls before, continuity during, and automated recovery after an attack,” Ogden says.

The key to successfully securing enterprise email data is to take a multi-layered approach towards security, Ogden says. “Don’t rely on just a single vendor to provide protection but rather evaluate each element of the email journey and apply the best-of-breed of technology where appropriate. Sometimes this means using overlapping technology but ultimately building multiple layers of security ensures resilience throughout the email eco-system,” he adds.

Mimecast itself tackles email security for customers through a layered solution that brings together security, continuity and data replication capabilities in a single cloud solution.

This layered approach ensures that customers have the right security services in place before an attack happens, a durability plan to keep email and business operations running during an attack or failure, and, the ability to recover data and other corporate IP after an incident or attack occurs, Ogden says. “The email journey can be viewed in three ways: Inbound, Outbound and Internal. To secure all three, a holistic approach is needed to mitigate both external and internal threats,” Ogden says.

Mimecast’s singular focus on email security means it leads in innovation in the space, with a range of recent email protection products. 

Its latest products include Mimecast Targeted Threat Protection – Attachment Protect, an email security technology that protects employees against targeted zero-hour attacks in email that use weaponised attachments to evade traditional security measures.

Mimecast Impersonation Protect on the other hand is an email security technology that protects employees against targeted social engineering attacks in email, often called whaling or CEO Fraud. The Mimecast Targeted Threat Protection – URL Protect protects employees against targeted attacks in email, extending Mimecast’s existing Secure Email Gateway anti-spam and anti-virus services.

The Mimecast Secure Email Gateway uses multi-layered detection engines and intelligence to protect email data and employees from malware, spam, phishing, and targeted attacks 100% from the cloud.

Its Mimecast Email Archiving offers a cloud-based SaaS solution to meet corporate information management needs. Lastly, the Mimecast Internal Email Protect is a cloud-based security service providing threat capabilities for internally generated email that allows customers to detect and remediate security threats that originate from their users’ email accounts.

The messaging around email security could is not as pronounced as it should be.  “With the constantly changing cyber threat landscape, we need to educate organisations about evolving cyber attacks and how to build a cyber resilience strategy for email,” says Ogden.

In recent months, Office 365 has experienced a few outages and it is important for organisations to have a continuity solution in place to keep email flowing in the event of an outage. “We will continue to focus on helping organisations manage their email and improve cyber resilience in the cloud,” Ogden concludes.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code