Inhouse email filters still miss millions of attacks – including malware attachments, impersonation and malicious links – the latest quarterly stats from cloud provider Mimecast have found.
The company used its Email Security Risk Assessment (ESRA) tool to assess the efficiency of email security in use by 37 organisations across 20 different industries.
Looking at 142 million emails – the overwhelming majority of which had been filtered by Microsoft and Proofpoint servers – the system spotted 15,656 with malware attachments that had been missed.
A further 13,176 containing potentially dangerous files also slipped through the net, as well as 41,605 deploying address spoofing.
Within a subset of just over 10 million emails, Mimecast found 203,000 with malicious links, or around one malicious email missed for every 50 inspected.
The rise in impersonation attacks was a standout theme, said Mimecast cybersecurity strategist Matthew Gardiner. "These are difficult attacks to identify without specialised security capabilities, and this testing shows that commonly used systems aren't doing a good job catching them."
The failure of email gateways to spot attacks meant that "targeted malware, heavily socially engineered impersonation attacks, and phishing threats are still reaching employee inboxes".
A caveat with this is that Mimecast is comparing its cloud email filtering technology with on-premises servers. In Microsoft's case, a more direct comparison might be with Exchange Online Protection (EOP).
Equally, it is the case that large numbers of organisations continue to rely on inhouse gateways that are at a disadvantage to cloud email security – or at least that's the case Mimecast is trying to make. The argument is that email security should be multi-layered to avoid a single point of detection failure.
More surprising perhaps was the volume of spam gateways seem to miss – just over 19 million during Mimecast's test, including those rejected and quarantined. ®