Business email compromise attacks rise exponentially: report

Mimecast ESRA report finds 269% increase in BEC attacks in last quarter

Thousands of email-borne threats are successfully able to bypass legacy email security systems, Douglas observed.

The volume of business email compromise (BEC) attacks rose significantly in the last quarter, the latest Email Security Risk Assessment (ESRA) by Mimecast shows.

BEC attacks are emails containing dangerous file types, malware attachments and spam that are delivered to users’ inboxes through incumbent email security systems.

“This ESRA report pointed out that impersonation attacks continue to menace all types of organisations, but I think the real issue is that there are tens of thousands of email-borne threats successfully able to bypass the email security systems that organisations have in place, effectively leaving them vulnerable and putting a lot of pressure on their employees to discern malicious emails,” said Joshua Douglas, vice president of threat intelligence at Mimecast.

The latest ESRA found a 269% increase in these types of attacks, in comparison to the same findings in last quarter’s report. This trend was also reflected in recent research, the State of Email Security 2019 report, which found that 85% of the 1,025 global respondents experienced an impersonation attack in 2018, with 73% of those victims having experienced a direct business impact – like financial, data or customer loss.

Away from BEC attacks, the ESRA report found 28,783,892 spam emails, 28,808 malware attachments and 28,726 dangerous file types were all missed by incumbent providers and delivered to users’ inboxes, an overall false negative rate of 11% of inspected emails. The results from the report demonstrate the need for the entire industry to continue to work toward a higher standard of email security.

“Cybercriminals will always look for new ways to bypass traditional defences and fool users. This means the industry must focus their efforts on investing in research & development, unified integrations and making it easier for users to be part of security defences, driving resilience against evolving attacks,” Douglas added.
