Mimecast’s 2020 State of Email Security report is here
As the world we live in dramatically changed in the first half of 2020 there has been a significant impact on IT and the security world as every country moved to try and contain the impact of COVID-19. As the pandemic spread many businesses were targeted by cyber attacks and email phishing campaigns as threat actors attacked businesses, charities, and governments.
Mimecast, Enablis email security partner, revealed in its latest 2020 email security report that the usual email and web security defences are no longer good enough. Mimecast commissioned a global survey of 1,025 IT decision makers to gain useful insights into their experiences and outlook on the current state of email security.
The report findings confirm businesses need a more robust security framework to prevent and protect them against threat actors now and in the future. It also found that it is critical to integrate security awareness training for online brand protection.
The Top 10 ten takeaways from the report
- Leaders are beginning to understand that email perimeter is constantly under attack.
- Impersonation, phishing, and business email compromises are increasing at a concerning clip
- The effects of ransomware are increasing year over year.
- Monthly security awareness training is the best way to train employees, but it’s not happening.
- In the absence of security awareness training, unsafe URL clicks, and data leaks will ensue
- Looking beyond your email perimeter towards online brand protection is a business issue that can no longer be ignored.
- Budget ownership for online brand protection may shed light on how quickly an organisation can respond to an attack.
- You’re right to have growing concern about web and email spoofing.
- If there is one thing we all agree on, it’s that cyber resilience strategies are necessary but still incomplete.
- When it comes to delivering world-class security, Microsoft 365 needs more cyber resilience.
The Mimecast 2020 email security report discusses how more users moving to cloud-based email are experiencing the benefit of predictable costs, better collaboration, a simplified infrastructure and critical services like data protection.
But when a popular platform like Microsoft 365 is missing necessary security layers, users may receive emails that should have been held.
The report explains that there can also be security challenges with business continuity. So if there is a short outage, users are more likely to bypass their corporate security and use personal email accounts to complete work and prevent downtime.
It was noted that there’s room for improvement when it comes to security and resilience, as 59% of respondents experienced a Microsoft 365 outage in the last 12 months.
Additionally only about 1 in 5 of the survey respondents (22%) agreed that Microsoft 365 provides world-class security for their organisations.
Microsoft 365 services have no in-built, or inherent business continuity services, which means that if a business experiences an interruption to Microsoft cloud services via common attack methodologies like a DOS attack, a datacentre hardware failure, or another form of interruption to their cloud services, they are exposed.
59% of respondents stated that they experienced a Microsoft 365 outage in the last 12 months, and 65% of surveyed respondents stated that they have already added to or are in the midst of adding additional layers of continuity and cyber resilience into Office 365 Email.
The report explains that when it comes to delivering world-class security, Microsoft 365 needs more cyber resilience. While 96% of respondents use Microsoft 365 for email delivery, the impact to their organisations following an outage or other security event created a lasting impression of the need to build in greater resilience with components like email security.
The Enablis security team work closely with Mimecast to offer specialist security services to protect your business, data and staff from attacks.
If you would like to speak with one of the Enablis team about your security requirements click here or visit our Zero Trust page for further information. If you would like to find out about Secure Access Service Edge (SASE) visit the resource centre here.