Security

Survey Says: Ransomware is Still a Top Threat for Most Organizations

Mimecast’s State of Email Security Report shows ransomware attacks aren’t slowing down. Don’t be lulled by crypto-mining (or cryptojacking) alarmists into thinking that crypto-mining is replacing ransomware as a major new security …

Read More
Archiving

How Financial Firms Control Compliance Costs

Is your firm ready to face today's business and regulatory needs? Financial services firms face some of the world’s toughest regulatory pressures. And yet, most compliance programs have not scaled with the needs of the business or evolving reg…

Read More
Security

Prevent, Don’t Remediate: Three Cybersecurity Requirements

It’s never a bad time to pause and reflect on the vision for your IT security strategy. Is your IT security strategy based on “protecting your information assets from malicious code and cyber terrorists” or is it “preventing…

Read More
Security

The Rising Tide of Cyber Awareness Training in Today’s Enterprise

Adoption is rising, but is it happening fast enough? Here’s a stark reality: no matter how good your employees are at their jobs they still usually pose your biggest security risk. Human error ranks even higher for cyber risk than software fla…

Read More
Security

How Many IT Security Tools Do You Need?

How many IT Security tools are you currently using to keep your IT environment secure? Odds are, it’s too many. There’s a big, big problem taking hold in the IT world today: IT/security teams are constantly expanding tooling and architec…

Read More
Security

Inadequate Cybersecurity Measures

Good enough security isn't good enough. Just checking the cybersecurity box with a few well know measures is not enough with today’s extremely sophisticated cybercriminals and even Ransomware as a Service offerings. It is the equivalent of an …

Read More
Security

Real Examples of Threats Missed by Email Security Systems

A new view of the Mimecast Email Security Risk Assessment. With this blog I am happy to bring you the 9th consecutive quarterly release of our Mimecast Email Security Risk Assessment (ESRA) aggregate report, also with its associated funnel infograph…

Read More
Security

Obfuscated Fileless Malware in Cyberattackers' Toolkits: A Closer Look

The latest from Mimecast Research Labs includes a malware technique never observed previously. Introduction Fileless malware has become an increasingly popular technique among cyberattackers because it reduces the defender’s ability to detect …

Read More
Security

Baltimore Ransomware Attack Highlights Vulnerabilities in Municipal IT Security

Resource-thin IT departments need a plan for cyber resilience. A high-profile ransomware attack against the government of a major American city has brought new light on an ongoing cybersecurity quandary: how can those with the least resources defend…

Read More
Security

Using Convenience and Simplicity to Win the Security Arms Race

How can we build smarter security systems? The arms race between attackers and defenders is constructive. It should lead to the detection of inefficient parts and production of more robust solutions help to improve systems. It is an unfortunate fact…

Read More
Security

What is the Current State of Email Security Globally?

Our third annual State of Email Security report is here. What is the current state of email security globally? Excellent question. The short answer, per the results of the Mimecast State of Email Security Report 2019 – is not good. Sorry to st…

Read More
Security

Every Organization Needs Safe Content

Content theft remains a huge problem for all organizations. It seems that the only thing scarier for a Chief Information Security Officer, IT security professional or Security Operations Center than a marathon of Freddy Kruger movies is the theft or…

Read More
Security

Nearly Half of All Breaches are on SMBs

Convince the cybersecurity skeptics with this and other data points. When you're making your case for cybersecurity solutions back to your business/finance colleagues at your small-to-medium sized organization, it's helpful to have cold, hard facts …

Read More
Security

How Much Can We Expect Cyber Breaches to Grow?

The more things change, the more they seem to stay the same. It seems that in cybersecurity, the more we attempt to stop or mitigate the damage of cybersecurity breaches, the more they occur. And why should we expect anything different when the rewa…

Read More
Security

Is Dynamic Analysis Enough to Stop Evasive Malware Attacks?

Malware authors are evolving as quickly as the AV and security vendors are. If you've been following industry news, you often hear about major malware infections and their impact, but rarely do you learn why these attacks were successful in the firs…

Read More
Security

Airline Breaches Abound

It may be safer to fly in an airplane than to book your travel. While there is a very remote chance you will come to harm while flying, it seems that based on the news lately you can come to cyber-theft harm just through booking your flights. Cyber…

Read More
Security

Securing the Department of Homeland Security Way

Learn how the DHS recommends you approach cybersecurity. Homeland security was not a thing much on the minds of anyone prior to Sept. 11, 2001. That changed with the successful terrorist attacks and shined a rather large spotlight on an ever-growing…

Read More
Archiving

Compliance Supervision: More Than Checking a Box

Compliance supervision reviewers face big challenges. It doesn’t have to be so complicated. Compliance supervision is one of the most important areas of investment for archiving buyers today but is also unfortunately one of the stagnant areas …

Read More
Security

Threat Intelligence Best Practices for Lean IT Organizations: Part 2

Make your organization a harder target for adversaries to crack. Editor’s note: For cybersecurity professionals, threat intelligence isn’t just about reacting to indicators of compromise after they've already impacted an organization. In…

Read More
Security

Securing the NSA Way

What can you learn from NSA cybersecurity strategies? The United States National Security Agency originated as a unit to decipher coded communications in World War II and was officially formed as the NSA by President Harry S. Truman in 1952. Since …

Read More
Security

Threat Intelligence Best Practices for Lean IT Organizations - Part 1

Here’s why looking at indicators of compromise isn’t enough. Editor’s note: For cybersecurity professionals, threat intelligence isn’t just about reacting to indicators of compromise after they've already impacted an organiza…

Read More
Security

Phishing for Selfies? New Scam Targets Chase Bank Customers

Highlighting the importance of extra care no matter the device. Yes, we live in the age of the selfie. Admit it, you’ve taken them yourself. But, did you ever think selfies could be part of a phishing scam? The attackers have really outdone th…

Read More
Security

Active Versus Passive Versus Host-Based Cyberattack Vectors

Know the difference and how you can prevent cyberattacks. Budding authors and journalist are taught the difference between active and passive voice in first year writing classes. They understand that active is about “doing” and passive i…

Read More
Security

Risks and Consequences of Legacy Web Security Solutions

Counting the cost of on-premises web security systems. Shopping, researching, downloading, gaming, finding new friends and seeing what’s happening in the world: these are just some of the ways we use the web every day. Unfortunately, threat ac…

Read More
Security

Social Media is a Cybersecurity Backdoor to Your Enterprise

The amount of time your employees spend on social media will shock you. Facebook, Instagram, LinkedIn, Twitter, YouTube or the latest online game. Yes, these are the new temptations facing employees on a daily basis. It starts with just a peek; mayb…

Read More
Security

New Cyber Espionage Campaign Features Never-Before-Seen Malware Tools

The key to defending against new attack types is a multi-layered security strategy. Attackers are always looking to get the upper hand on their targets. Many of the methods and tactics attackers use are tried-and-true. But sometimes we see things we…

Read More
Security

Web Security Controls Are Rapidly Transitioning to the Cloud

Following the lead of secure email gateways, web security systems are moving quickly to the cloud. No big secret, but IT services in general and IT security controls in particular are rapidly transitioning to the cloud. There are many reasons for th…

Read More
Security

DNSpionage Demystified

Espionage is the subject of more novels and Hollywood films than can even be accounted for. It seems intriguing on the written page or the silver screen to the average consumer, but when espionage starts to become a reality that affects the identit…

Read More
Security

SMBs, Midmarket Continue to Be Massive Cyberthreat Targets

More data points are available to make your resilience case. If you’re making the case for cyber resilience at your small to medium-sized organization, there is a whole slew of new data out there to help make your argument. Our ongoing blog s…

Read More
Security

Dealing With Cybersecurity Stress

Stress seems to be something that comes up daily in at least one conversation with someone else. You may be feeling stress at this very moment, but do you really understand what it is and where it comes from, especially as an IT Security profession…

Read More
Security

Insider Threat Protection: How Organizations Address the Inevitable

Keeping Connected to Our 33K+ Customers, One Customer at a Time. At Mimecast we are blessed to have more than 33,000 customers for our email security, archiving, web security and security awareness training services. And staying connected and e…

Read More
Security

Phisher Pleads Guilty in Scam Targeting High-Profile Celebrities, Athletes

A reminder: phishing and brand-spoofing works best against the unsecured and unaware. A phishing scam perpetrated by a man stealing sensitive personal information from high-profile individuals should provide a warning sign to organizations of all si…

Read More
Security

C-Level Fraud and Spear-Phishing Across International Boundaries

These long-standing cyberattack types are more prevalent than ever.   Cave drawing found in southern France showing early spear-fishing have been dated back 16,000 years, and whaling has been practiced as an organized industry as early as 8…

Read More
Security

Supply-Chain Attacks in the Real World: Bridging the Cyber Divide

Cyberattackers attempted to take down the US electric grid—through companies like yours. Any business in the B2B space is part of a supply chain, whether you feed into larger businesses or those larger businesses feed into you. If you find you…

Read More
Security, Cyber Resilience for Email

Cybersecurity Trends: Our Most Read Blogs of 2019 Q1

See what caught the eyes of Cyber Resilience Insights readers this quarter. With the first quarter of 2019 drawing to a close, we wanted to provide you a one-stop shop for the most-read new content we've posted on Cyber Resilience Inights so far. Be…

Read More
Security

Information Security Through the Years

Some aspects of info security haven't changed much in theory. You may be interested to know that most every modern cybersecurity technique used today is based on methodologies developed and used thousands of years ago. So, in the spirit of those who…

Read More
Security, Office-365

Moving Email to the Cloud? Cyber Resilience is a Must

Prevent cyber risks by not putting your eggs in everyone else’s basket. Microsoft's announcement that it has launched its first cloud data centers in Africa—one in Cape Town, another in Johannesburg—is a cause for celebration among…

Read More
Archiving

Your Success is Our Success: The Archiving Triple Crown

Customer success in archiving has produced fruitful results for all. It’s springtime in the US, and for many aficionados, the beginning of another season of horse racing. The Triple Crown is a rare accomplishment for the horse that wins the Ke…

Read More
Security

The Evolution of CISO Strategies

How has the CISO role changed through the years? Charles Darwin wrote “On the Origin of Species” in 1859 and introduced the concept that organisms arise and develop through the natural selection of small, inherited variations that increa…

Read More
Security

Use Your Discretion: Cyber Awareness Education for Employees

Make a plan for educating employees. Employees are usually left to use their discretion with corporate-owned technology on your networks pretty much all the time. As such, a lot of power is in their hands when it comes to what emails to open, what f…

Read More
Security

Cybersecurity Shows Demystified

Show season is upon us. Chief Information Security Officers, IT security professionals and hackers alike will be converging on cities around the globe to learn the latest and greatest cybersecurity trends, technologies and issues, while meeting thei…

Read More
Security

Addiction or Prevention

Have we become addicted to passwords? In today’s technology age, there are creeping addictions that many have but few acknowledge. The worst pandemic of which we suffer today may actually be an addiction to passwords as the primary security pe…

Read More
Security

March Email Security Risk Assessment Report: A Focus on Office 365

What Office 365 misses may surprise you. With this blog I am happy to bring our 8th consecutive quarterly release of the Mimecast Email Security Risk Assessment (ESRA) aggregate report to your attention (also with an associated infographic). We now …

Read More
Security

Understanding Threat Intelligence: Seeing Beyond Indicators of Compromise

Threat intelligence doesn’t mean subscribing to multiple data feeds. There is a lot of confusion and misunderstanding about what constitutes threat intelligence. Too often, threat intelligence gets misaligned with tracking a bunch of Indicator…

Read More
Security

The Return of the Equation Editor Exploit – DIFAT Overflow

The latest from Mimecast Research Labs. Summary In the last few months, the Mimecast Research Labs team has seen several unique variants of Microsoft Office Word exploits, more specifically combining the previously-patched memory corruption issue CV…

Read More
Security

Sextortion, Bomb Threats and GoDaddy

The lurid details of a new kind of email scam. An award-winning film from 1989 titled “Sex, Lies and Videotape” introduced the world to the power of uncomfortable private data coming to public attention and now cybercriminals are taking …

Read More
Security

3 Things to See at RSA Conference USA 2019

Here is what to look for at this year’s big cybersecurity show. The upcoming RSA Conference USA 2019 taking place from March 4-8 at the Moscone Center in San Francisco will mark my 17th consecutive year of attendance! It seems like my first ye…

Read More
Security

CISO at 25

How has the CISO function changed through the years? Having an executive team to manage specific functions of an organization goes back to the introduction of formalized businesses. In the United States it recorded that the oldest corporation is Har…

Read More
Security

Global Attacks Abound

No government is safe. There seems to be a resurgence of interest in the belief that the world is flat despite all evidence to the contrary. Cybercriminals on the other hand, understand all too well that the Earth is actually boundaryless in cybersp…

Read More
Security

Threat Intelligence for the 99 Percent - Part 8: Final Thoughts & Takeaways

Here’s what you need to know on your threat intelligence journey. Welcome to the 8th and final edition of our blog series, Threat Intelligence for the 99%. We’ve reached the end of the road for these blogs, but hopefully your road to thr…

Read More
Archiving

Zero-Down, End-to-End Migrations: Simple, Easy to Remember

Email migrations don’t have to be painful. It seems, since the beginning of email, customers have endured the pain of migrating from version-to-version, vendor-to-vendor and now on-premises-to-cloud. While most of the version migrations were p…

Read More
Security

Phishing for Outlook

There seems to be a kit available for everything nowadays. The web is inundated with advertisements for kits to help with daily meal planning, weekly work planners, or even month wardrobe assistance. You can even now find phishing kits targeted to …

Read More
Security

GandCrab Ransomware Attacks Exploit Valentine’s Day Weaknesses

This Valentine’s Day, your big heart could get you in trouble. When you think Valentine’s Day, candy hearts, roses and chocolate are probably the first things that come to mind. Perhaps the last thing would be insidious email attacks, bu…

Read More
Archiving

Feeling the Archive Love: TechValidate Survey Results

This Valentine’s Day, we’re offering thanks to our customers.   Developing a modern archiving strategy isn’t easy. IT departments are increasingly plagued by data growth and service requirements back to internal customers.…

Read More
Security

Threat Intelligence for the 99 Percent - Part 7: Stitching It Together

How do you put all the threat intelligence components together? Welcome to the latest edition of our ongoing blog series, Threat Intelligence for the 99%. In the last two editions of our series, we’ve looked at cyber threat intelligence (CTI) …

Read More
Security

Insider Threats Personified – Infected, User Should Beware

When it comes to cybersecurity, human error can’t be discounted. We live in a mobile world where cyber attackers target employees who work in the office, at home or from the road. In parallel, threats can also be introduced onto an employee&rs…

Read More
Security

Email Security for the Healthcare Industry: Time for a Checkup?

See where healthcare cybersecurity is falling short. Any regular reader of Mimecast’s Cyber Resilience Insights blog site has likely come across my quarterly Email Security Risk Assessment (ESRA) blogs. These blogs summarize and draw conclusio…

Read More
Security

Preventing Attack-for-Hire Services

It's a real thing. Here's how to fight back. The concept of a mercenary dates back to ancient Egypt and has been a long-standing method for governments (or other groups) to supplement their military might. So, it should not come as a surprise that …

Read More
Security

Threat Intelligence for the 99 Percent - Part 6: Building Your Own - Tools

Selecting the right threat intelligence tools is critical. Welcome to the latest edition of our ongoing blog series, Threat Intelligence for the 99%. Last time, we examined the types of cyber threat intelligence (CTI) feeds you need to consider when…

Read More
Security

5 Ways to Ingrain Cybersecurity Awareness into Your Business

Here’s how you can lower risk by changing attitudes from top to bottom. When it comes to defining an organization’s mission and vision, a lot of time is spent refining and getting it right. However, when it comes to making security aware…

Read More
Security

Coffee, Donuts or Stolen Credentials?

Even the big chains aren't immune from attacks. Water, tea and coffee are the most consumed beverages in the world, so it should not be a complete surprise that there are hundreds of large chains with thousands of storefronts that provide the two st…

Read More
Security

New Year, New Prices: Bridging the Cyber Divide

You’re “rebuying” technology services every year. Make them earn it. Welcome to the latest edition of Bridging the Cyber Divide, where we provide technical professionals in small-to-medium sized organizations the know-how to a…

Read More
Security

Threat Intelligence for the 99 Percent - Part 5: Building Your Own - Feeds

Selecting the right feeds for threat intelligence can’t be overlooked for your program. Welcome to the latest edition of our ongoing blog series, Threat Intelligence for the 99%. We’ve already taken deep dives on what cyber threat intell…

Read More
Archiving

How to Be an Enterprise Information Archive Leader

What strengths and innovations does your archive have? Last month we shared the news that for the 4th straight year, Mimecast was named a Leader in the Gartner Enterprise Information Archiving Magic Quadrant (MQ). In addition, we examined the trends…

Read More
Security

Hackers Targeting Entire Countries

The world is fighting back. In Hollywood movies, when the individual underdog prevails against monolithic corporations or corrupt government entities, we celebrate their success. When that individual underdog is actually a cybe-criminal intent on ca…

Read More
Security

Threat Intelligence for the 99 Percent - Part 4: What Approach Do You Take?

You have options for threat intelligence. But how do you decide? Welcome to the latest edition of our ongoing blog series, Threat Intelligence for the 99%. We’ve already looked at several aspects of cyber threat intelligence (CTI) programs, in…

Read More
Security

How Do You Roll Out a Threat Intelligence Program?

You can do this. When you think of implementing a cyber threat intelligence program at your organization, you may believe it will take millions in resources to have the right technology, the right people and the right strategy in place. But the trut…

Read More
Security

Cybercriminals Love Healthcare

Here's why this industry is now a top attack target. In general, cybercriminals will target the most vulnerable of organizations that can provide the biggest payoff. In the early days of internet-based computing, this meant primarily the finance ind…

Read More
Security

Threat Intelligence for the 99 Percent - Part 3: When Is It Needed?

Are you tall enough to ride the ride for threat intelligence? Welcome to the latest edition of our ongoing blog series, Threat Intelligence for the 99%. This week, we’re looking at the indicators for when you need to implement a cyber threat i…

Read More
Security

Insider Threats Personified – Patient Zero Un-Hero

Sometimes, bad things happen to people with the best intentions. This week in ‘Insider Threats Personified’ we’ll see how the actions of your employees can inadvertently launch a threat against your customers and partners and resul…

Read More
Security

Survey: Cybersecurity at Work, By the Numbers

Findings of our survey show that cyber awareness training is badly needed for organizations. Employees are the weakest link in your security chain. Studies have found that over 90% of all cyber breaches happen because of human error. Even with the b…

Read More
Security

Cryptojackers Strike Again

No organization is exempt from cryptojackers. It doesn’t even matter if your organization does amazing things for people in unfortunate circumstance. Just look at what happened to the Make A Wish Foundation and use it as a cautionary tale. Cr…

Read More
Security

Mimecast Discovers Microsoft Office Product Vulnerability CVE-2019-0560

Understand the security implications of the latest patched Microsoft Office product memory leak vulnerability What happens when you combine sophisticated anti-phishing attachment inspection, static file analysis, machine executable code in data file…

Read More
Security

Threat Intelligence for the 99 Percent - Part 2: Why is it Important?

The need for threat intelligence comes down to defense, and confidence. Welcome to the second installment of our blog series, Threat Intelligence for the 99%. In this series we’ll dive deep into all topics surrounding threat intelligence, what …

Read More
Security

2019 Cybersecurity Trends to Watch

Here are some predictions for the new year. Happy New Year! As we finish singing “Auld Lang Syne” with a champagne toast to close out 2018, it is time to look to 2019 with excitement. But, before you make a few New Year’s resolutio…

Read More
Security

Threat Intelligence for the 99 Percent - Part 1: Explaining the Issue

Cyber threat intelligence isn’t just for the 1%. If you’re in cybersecurity, odds are you’ve heard a lot about threat intelligence these last few years. But unless you’re part of an organization with a massive budget for cybe…

Read More
Security

Why Employees Habits are Cyber Risks

Why awareness training should be part of every cyber resilience strategy. Editor’s note: Human error is involved in over 90% of today’s cybersecurity breaches. Sometimes is carelessness, sometimes it’s maliciousness and sometimes i…

Read More