Dive Brief:
- Dangerous emails frequently get through incumbent email security systems, according to a new Email Security Risk Assessment from Mimecast, based on data from more than 44,000 users.
- Mimecast determined that nearly 9 million of the more than 40 million emails passed by the incumbent email security systems or cloud security services had the potential for risk.
- The vast majority of the false negatives that were passed by the incumbent email security systems and caught by Mimecast were spam email messages, but there were dangerous emails that also made it through. For example, 8,319 emails were found with dangerous file types as attachments, 1,669 emails were determined to contain known malware and 8,605 emails were characterized as impersonation attempts.
Dive Insight:
Email security systems aren't perfect. In fact, many allow dangerous emails through the corporate gates. Blame it on today's cybercriminals, who are well funded and come up with more sophisticated attacks daily. Mimecast suggests CIOs review email security every 12-18 months.
The high number of impersonation emails is of particular concern. Last year, the FBI estimated those types of emails cost organizations more than $2.3 billion in losses over the past three years. In 2016, Seagate Technology gave up the 2015 W-2 forms of all its current and former U.S.-based employees in an impersonation email scam.
The week before, Snapchat revealed it was the victim of the same type of scam when an employee released company payroll information to an attacker pretending to be CEO Evan Spiegel.