Increase in Business Email Compromise (BEC) attacks

October 2019 Cyber Security, Security Services & Risk Management

Mimecast has announced the availability of its latest Email Security Risk Assessment (ESRA). The quarterly assessment is an aggregated report of tests that measure the efficacy of widely used email security systems. This quarter’s ESRA report found a significant increase in Business Email Compromise (BEC) attacks, emails containing dangerous file types, malware attachments and spam being delivered to users’ inboxes from incumbent email security systems.

BEC attacks, also referred to as email-based impersonation fraud, is an issue that is not going away because these attacks can easily evade many traditional email security systems on a global scale. The latest ESRA found a 269% increase in these types of attacks, in comparison to the same findings in last quarter’s report. This trend was also reflected in recent research, the State of Email Security 2019 report, which found that 85% of the 1 025 global respondents experienced an impersonation attack in 2018, with 73% of those victims having experienced a direct business impact – like financial, data or customer loss.

The rise in BEC attacks underscores the need for organisations to add protection against well-resourced attackers. A 2019 Osterman Research Report titled “Ten Questions to Ask About Your Office 365 Deployment”, concluded Microsoft Office 365 alone, “will not fully meet many organisations’ requirements.” Today, close to half of Mimecast customers bolster the cyber resilience of their Microsoft Office 365 deployments with services including, targeted threat protection to defend against bad actors and BEC attacks.

BEC attacks are not the only method cybercriminals have been successfully leveraging to target organisations. The ESRA report found 28 783 892 spam emails, 28 808 malware attachments and 28 726 dangerous files types were all missed by incumbent providers and delivered to users’ inboxes, an overall false negative rate of 11% of inspected emails. The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

“This ESRA report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands email-borne threats successfully able to bypass the email security systems that organisations’ have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, vice president of threat intelligence at Mimecast. “Cybercriminals will always look for new ways to bypass traditional defences and fool users. This means the industry must focus their efforts on investing in research & development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks.”

Mimecast produces quarterly ESRA reports to offer organisations insights on the rise of new types of email-borne threats and key trends in malicious email campaigns.

Additional Resources

• Download the Email Security Risk Assessment infographic

• Understand the key findings from the State of Email Security 2019 report




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Pwn2Own hacking contest to include industrial control systems
October 2019 , Cyber Security
As IT and OT converge under Industry 4.0 and digital transformation initiatives, security gaps are emerging in a range of popular industrial control systems.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Cybersecurity for video surveillance systems
September 2019 , Cyber Security, CCTV, Surveillance & Remote Monitoring
Video surveillance systems are increasingly accessible over any IP network, which has led to the rise of potential cyberattack.

Read more...
Cyber-securing your surveillance infrastructure
CCTV Handbook 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Read more...