A new research conducted by Mimecast and Vanson Bourne revealed that organisations are not only facing a variety of different threats, but the volume and frequency of these attacks continue their upward trajectory. In fact, 53 percent expect a negative business impact from these email-borne threats in 2018 raising the concerns for email security this year.
Impersonation attacks commonly use social engineering, and are designed to trick users such as finance managers, executive assistants, and HR representatives into making wire transfers or providing information which can be monetized by cybercriminals. Normally, these attacks target people from within the same company; however, attackers have started to impersonate senders from so called trusted third parties that the target company does business with regularly.
The research found that 40 percent of the 800 IT-decision makers who responded said they saw an increase of these types of attacks over the past 12 months. Impersonation Protect, from Mimecast, will offer supply chain impersonation protection to guard companies against similar or lookalike 3rd party email domains, helping to stop these attacks before they could cause any issue.
Lookalike domains are also increasingly becoming a problem, as recently publicized in top media outlets, like KrebsonSecurity. Attackers are now using non-western character sets to display letters that look identical to the naked eye, such as the Cyrillic “а” in comparison to the Western “a”. This tactic helps to mask the true destination of a link. Mimecast has incorporated new capabilities within Impersonation Protect and URL Protect that are designed to use new algorithms to protect internal users from similar or lookalike domains.
“Cybercriminals are constantly looking for new ways to be stealthy and trick users, which was the key driver for us to enhance Targeted Threat Protection with these new capabilities. Research found that 97 percent of respondents said maintaining email uptime is critical for business continuity, yet only 27 percent have adopted a cyber resilience strategy. In fact, for those that had suffered an email-based attack in the last year, the average recovery time was three days. That’s a long time, and, for many organizations, catastrophic,” said Ed Jennings, Chief Operating Officer at Mimecast. “It is critical organizations have comprehensive security controls in place before, continuity during, and automated recovery after an attack to help them build cyber resilience for email.”