Enterprises need to be aware of threats from internal email

Insider attacks are of increasing concern to businesses. New research shows that internal email can be a major source of threats that often gets overlooked.

The study from email security company Mimecast and Forrester Research reveals that more than a third of companies have experienced some information loss, theft, or attack via email within the past two years.

Whether it's a malicious insider looking to exploit systems or an employee who broke IT policy and accidentally exposed data, insider threats are a growing concern and email can't be overlooked as a major source of security vulnerability.

The results show that 40 percent of respondents experienced business email compromise or impersonation leading to fraud, credential theft or data loss. Sixty-four percent of respondents say that non-malicious insiders cause at least moderate financial damage, and 57 percent say they'd had a moderate problem in terms of productivity loss.

Compromised internal accounts were involved in insider incidents according to 63 percent of respondents. Fifty-seven percent cited careless misuse and 41 percent malicious insiders.

On the positive side companies are becoming more concerned about the threat. Seventy-seven percent expressed some level of concern over compromised accounts, with 61 percent worried about careless misuse and 55 percent about malicious insiders. Network monitoring and the use of secure email gateways are the most popular ways to combat the threat.

Mimecast is launching its own Internal Email Protect service, a cloud-based product which can address these threats by enabling customers to detect and address security threats that originate from their internal email system.

"Not all threats are created equal; therefore, organizations need a cyber resilience strategy to help organizations prepare for any type of attack -- whether that be from outside or inside of the organization, malicious or accidental," says Neil Murray, chief technology officer at Mimecast. "Internal Email Protect is the only cloud-based email security service addressing internal-to-internal emails for malware, malicious URLs and the improper movement of sensitive content. With Internal Email Protect, organizations can get ahead of the attack and stop feeling like they’re playing a never ending game of catch-up."

You can find out more about email security for business on the Mimecast website.

Image Credit: Balefire/Shutterstock