Jul 21 2020
94% of all Cyberthreats Start with Email. Are Your Mailboxes 100% Safe?
Are you shocked to learn that 94% of all cyberthreats start with email?
Here are some more shocking email facts courtesy of the ‘Mimecast ‘State of Email Security 2020’, which finds that:
- “51% of organizations have been impacted by ransomware in the last 12 months
- 58% saw phishing attacks increase
- 60% have seen an increase in impersonation fraud
- 82% have experienced downtime from an attack”
- “60% of organizations have experienced their own employees being responsible for spreading a malicious email
- 55% of organizations don’t provide security awareness training on a regular basis
- An average of 41% of organizations don’t have a system in place to monitor for and detect malicious content in emails.”
Finally, 60% of shops surveyed believe they will be hit by an e-mail attack in the coming year. Meanwhile, 7-10% of malicious emails get past enterprise security filters.
It’s clear that e-mail is BY FAR the most common way hackers breach your systems – making insecure mailboxes and poor e-mail user practices your biggest security exposure. Mailboxes are made vulnerable through insecure, weak and never expiring passwords, as well as a lack of multi-factor authentication (MFA).
Meanwhile, monitoring employee activities such as their mailbox practices can identify risky behavior and proactively secure business critical data. Preventing risky activities such as auto-forwarding to external email addresses and limiting access rights to other user’s mailboxes can prevent the spread of malware and the leakage of data through emails. In addition, being aware of unusual email activity prevents targeted spam or social engineering tactics common among today’s cybersecurity threats.
Relieving the Pain of E-Mail Hacks
Key rules applied to mailbox security relate to access rights. Luckily, CoreView flags user accounts with anomalous permissions such as with access rights to more than five other user mailboxes, accessing mailboxes of other departments, disabled accounts able to access mailboxes and more. These are not for Room, Shared, or Team mailboxes, but rather actual User Mailbox accounts. Users who have this type of advanced access rights to other users’ mailboxes should be investigated to ensure they are being used for acceptable business purposes.
Often, mailbox security can be compromised by spam and malicious malware. CoreView can discover instances of malware sent from your organization via e-mail – and track this spread in minute detail.
The Pain of Stale Mailbox Rights
A common security scenario is sharing calendar or mailbox access with other colleagues. The problem is that no one is taking care of removing this access — if this is not done by the owner of the shared resource.
Access to resources is usually needed for a limited amount of time, and you should ensure that this principle is applied. When access is granted to final users and it’s removed only when a person leaves the company or reminds IT to remove it – this potentially opens security breaches which are not monitored by anyone.
CoreView helps governance of this process through a workflow, where a user can ask for resource access to target users for a limited amount of time and the workflow will remove it automatically after it expires.
Protect Your O365 Tenant With CoreView
Or sign up for a personalized CoreView demo.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.