According to Mimecast, most organisations are concerned about malware being the main risk to their email-related security posture, but the testing result reveals an increased risk of impersonation attacks as compared to attacks leveraging malware.
It says the results highlight the continued challenge of securing organisations from malicious attachments and spam, and the findings follow a recent PhishMe study that found approximately two thirds of IT executives surveyed had dealt with a security incident originating from a deceptive email.
“Impersonation attacks are an easy and effective way to dupe unsuspecting victims by gaining trust through a combination of social engineering and technical means,” said Ed Jennings, chief operating officer at Mimecast.
Jennings said the latest ESRA reflected findings by inspecting the actual inbound email of almost 100,000 users over a cumulative 631 days.
He said these organisations used a variety of common email security systems, and more than 55 million emails to date had been inspected as part of the Mimecast ESRA program, all of which had passed through the organisation’s incumbent email security vendor.
According to Mimecast, completed assessments had found more than 12,400,000 pieces of spam, 9055 emails containing dangerous file types, 1844 known and 691 unknown emails with malware attachments, and 18,971 impersonation attacks missed by incumbent providers and delivered to users’ inboxes.