Data security company Mimecast has released its latest Email Security Risk Assessment (ESRA) report (registration required), which suggests that the fastest growing threat isn’t malware — It’s impersonation attacks.
That may not sound surprising to anyone familiar with the latest trends in cybercrime. Humans have been the weak link in security for a while now—why try to exploit a secure system when you can just trick someone into giving you what you want?
That doesn’t mean spam and malware aren’t risks for businesses. Both continued to experience growth during the period of Mimecast’s study, albeit far less than impersonation attacks.
How email attacks stack up
The latest ESRA report from Mimecast sifted through nearly 56 million emails. More than 12 million of them were spam, 9,055 contained harmful files, 2,535 came with malware, and 18,971 were impersonation attacks—a 50% quarter-over-quarter increase.
Attacks of all kinds are bound to increase in quantity, but 50% is staggering, especially when harmful files and malware only increased by 15% over the same time frame.
In other words, Mimecast said, you’re seven times more likely to be hit by an impersonation attack than by email-borne malware.
Impersonation attacks and how to stop them
Mimecast calls emails that “impersonate the C-suite and ask for wire-transfers or credibly request that other sensitive data be sent to the fraudster” impersonation attacks.
What it’s talking about is essentially spear phishing: tightly targeted scams that go after a particular business or person. Spear phishing can be incredibly effective when a cybercriminal does their research, sending the right person the right message.
The average successful impersonation attack results in a dollar loss of around $139,000, which can be a lot for a small business—especially if confidential data is part of what’s stolen.
Research has shown that just about everyone can be tricked into falling for the right spear phishing attack. Combine that with the fact that it’s very hard for email filters to catch well-executed attacks, and it’s easy to see why this problem is growing faster than malware.
Ed Jennings, COO at Mimecast, said impersonation attacks are easy, effective ways to dupe targets, especially given the way email filters work. “Cybercriminals know that many traditional email security services are improving their ability to stop email-borne malware, but remain ineffective against impersonation attacks.”
As spear phishing-style attacks continue to spread, it’s important for security teams to know how to be proactive, and reactive, to them.
– Determine how susceptible your organisation is to a phishing attack by phishing your own employees. Share the results of testing with the company so employees learn what to look out for.
If internal phishing isn’t feasible, be sure to train users on what a phishing attack looks like.
– Impersonation attacks often try to mimic emails from C-level executives. Implement a company policy that closes scam avenues for would-be spear phishers (e.g., never request the sharing of sensitive documents via email).
– Disable links inside email bodies to force users to manually navigate to the site mentioned in the email. It adds extra steps, but it can prevent a user from clicking on a phishing link by accident.
It’s practically impossible to filter out well-targeted impersonation attacks, and when an email filter learns to do so, attackers will probably find another way around. It’s up to security teams to defeat social engineering attacks, so get out there and help those users distinguish the good from the bad.