How quiet is too quiet?
Every organisation is looking for a cyber security solution that will ‘cut through the noise’, as it’s not only overwhelming for analysts, but it can serve as a hiding place for serious threats.
The challenge with the noise is that it’s only getting louder as email-based attacks continue to evolve and become more sophisticated. Mimecast’s State of Email Security Report reveals more than 90% of global organisations report the volume of phishing attacks is increasing or has stayed the same (during the 12 months to July 2018).
The temptation for organisations is to put in place stricter cyber security policies and introduce new technologies to address the noise but doing so can be equally detrimental if critical business correspondence is caught up in the process.
Organisations are now under pressure to find a balance between relying on security solutions that filter ‘noise’ and deliver business critical emails in a timely manner, without the risk of ‘false positives’.
News vs noise
Media organisations are particularly vulnerable to outside attacks and present an attractive target for cyber criminals due to their high profile. Yet at the same time, these organisations rely on receiving information from external sources to stay on top of news. For these organisations, blocking emails can result in legitimate emails also being blocked.
One of Australia’s free-to-air TV broadcast services, Network 10, operates a fast-moving media environment that relies on online collaboration amongst its 1,200 employees across multiple sites. The company receives as many as three million emails per month, with 80% of incoming email blocked as spam or malicious.
According to Jason Tuendemann, Chief Information and Technology Officer with Network 10, they have seen a significant increase in malicious email attacks and URL-type attacks in the last two to three years.
While the network had a reasonably mature IT practice for resolving ransomware attacks, the organisation recognised it was time and resource intensive.
Network 10 evaluated a number of email security solutions and, after a proof of concept, selected Mimecast’s Email Security solution, which appealed for its cloud design, robust email filtering and tight integration with Office 365. Importantly, the proof of concept showed very few ‘false positives’.
Network 10 coupled its Mimecast implementation with cyber awareness training for employees to help them identify and avoid phishing scams and malicious URLs.
Since implementing Mimecast, Network 10 has not suffered a single URL type incident, with 80 of inbound messages rejected as spam or malicious each month, including 50 malware samples and 250 potential whaling attacks avoided. There was also an immediate reduction in the number of malicious emails and URL-type attacks.
Ramping up security
The key for Mimecast was to help Network 10 stop malware from entering their network in the first place. The ideal email management solution for the company was one that could defend against the growing volumes of malicious emails, improve security and empower users to work more safely online in their Office 365 environment. IT now has time to focus on other tasks, with the knowledge that employees have a heightened awareness of the importance of security, and only relevant and secure emails are being received.