Impersonation attacks are increasing worldwide, according to the most recent quarterly "Email Security Risk Assessment" (ESRA) from email and data security provider Mimecast.
Key findings from Mimecast's ESRA of more than 142 million emails included:
- 203,000 malicious links within approximately 10 million emails were deemed safe by security systems; this represents a ratio of one unstopped malicious link for every 50 emails inspected.
- More than 19 million pieces of spam, 13,000 emails containing dangerous file types and 15,000 malware attachments were delivered to users' inboxes.
- More than 41,000 impersonation attacks were discovered, which represents an 80 percent year-over-year increase.
Cybercriminals are using new attack vectors to access corporate and employee data and steal money, Mimecast indicated. As such, organizations must deploy a multi-layered approach to enhance their cyber resilience strategies and keep pace with evolving email attacks.
How to Protect Against Spear Phishing and Other Email Attacks
Hackers are increasingly using spear phishing to obtain information about potential victims, craft personalized emails and launch cyberattacks, Troy Gill, senior security analyst at cybersecurity solutions provider AppRiver, told MSSP Alert. Fortunately, there are several ways that organizations can empower their employees to detect and address spear phishing and other email attacks, such as:
- Use strong passwords: Employees should use passwords that range between eight and 12 characters and include a combination of upper and lowercase letters, numbers and symbols, and they should never use the same password for different accounts.
- Differentiate safe and unsafe web links. Employees should only click authentic web links within emails. If an employee is unsure about whether a web link is safe, he or she should contact the source directly to verify its authenticity.
- Offer employee training. Provide security awareness and social engineering training that teaches employees how to identify and address email attacks.
- Perform an online review. Encourage employees to review their online profiles and update their privacy settings on social media sites.
Organizations also can partner with MSSPs that provide email security services. MSSPs can deploy email security services that automatically detect and block cyberattacks and conduct regular IT security audits to help organizations quickly address security issues.
