Email Security, Security Awareness Training

Why artificial intelligence is key to improving phishing defenses

As attackers constantly evolve their tactics to side-step more traditional defenses, artificial intelligence and machine learning technologies are stepping in to help organizations improve defenses. Technologies like MessageControl offer a critical e…

Read More
Threat Intelligence Hub

Post-Pandemic Cyberattacks Target Vulnerable Industries

Cybercriminals are targeting industries like retail and manufacturing that continued to operate throughout coronavirus shutdowns – and they’re becoming more sophisticated. Key Points: The bulk of cyberattacks during the first half of 202…

Read More
Threat Intelligence Hub

New Threat Intelligence Report: Black Hat USA Edition 2020

The Mimecast Threat Center analyzed 195 billion emails January-June 2020 (rejecting 92 billion or 47%) to compile insights in Mimecast's latest threat intelligence report. With the COVID-19 pandemic, cybercriminals shifted their focus to business ver…

Read More
Security Awareness Training

The Role of Executive Training in Building Cybersecurity Culture

Key Points: A Wall Street Journal survey found that companies that provide cybersecurity training to executives are also more likely to have put other key cybersecurity protections in place.   Executive security awareness training may help non-…

Read More
Web Security

Browser Isolation: An Essential New Web Security Layer

Key Points: Browser isolation is an additional security layer that protects people, systems, and networks by completely separating them from dangerous sites and their malicious content. Cloud-based, server-side, containerized browser isolation offer…

Read More
Email Security, Web Security

Integrating Security Products is Vital for Cyber Resilience

The pace of tech innovation combined with the cyber arms race means integrating cybersecurity products is essential to keep up with fast-evolving threats. Open APIs are key. Key points: The ability to rapidly integrate best-of-breed security produc…

Read More
Email Security

Ransomware Outbreak Threatens All Industries

A surge in ransomware attacks increases the challenges for organizations that are already struggling to cope with the COVID-19 pandemic. Key Points: Reports of ransomware attacks rose sharply in the first half of 2020, and the outbreak is considered…

Read More
Email Security, Security Awareness Training

Managing Third-Party Cyber Security Risks

Cyber attacks via third parties pose a huge and often unrecognized security risk to companies of all sizes. Fortunately, there are steps that you can take to minimize the risk. Key Points: Although direct cyberattacks on organizations get most of th…

Read More
Brand Protection

How Your Brand May Be Exploited Without Your Knowledge

Organizations may not be aware of all the ways that bad actors are impersonating their brand online, even though those online exploitation attacks can defraud an organization’s customers and tarnish its brand. Key Points: Cybercriminals can ex…

Read More
Email Security, Security Awareness Training

Why SMBs Are Under-Prepared for Cyberattacks

Smaller companies are not as well prepared for cyberattacks than bigger enterprises, in part due to budget limitations. Cloud-based security tools and awareness training can help. Key Points: Small and mid-sized businesses (SMBs) are targeted in 43%…

Read More
Web Security

Managing Security for a Remote Workforce: Mimecast IT’s Experience

Two Mimecast IT and internal security leaders share what they’ve learned about managing and securing a massive increase in employee remote working since the start of the COVID-19 pandemic. Key Points: The shift to remote working means it&rsquo…

Read More
Security Awareness Training

Twitter Hack Highlights Need for Security Awareness Training

A social engineering attack enabled hackers to penetrate Twitter’s administrative systems and hijack high-profile accounts, illustrating the far-reaching impact of cybersecurity lapses. Key points Authorities are probing a Twitter hack that hi…

Read More
Brand Protection

Getting to p=Reject, Mimecast’s Internal DMARC Project: Part 1

Creating a DMARC record and setting it to p=Reject would seem to be very easy. It can be – but there are several considerations, such as learning who your “good email spoofers” are and how to keep their delivery high, while stopping…

Read More
Email Security

Hubris Caught the Instagram Star: Business Email Compromise Security Guide

Here are four email security hacks you can learn from the Hushpuppi saga, such as practicing sound social media judgment and ensuring your customers and supply chains are equally secure. Ramon Olorunwa Abbas, a.k.a. “Ray Hushpuppi” is all…

Read More
Threat Intelligence Hub

Mimecast Discovers MPP Bleed, a Microsoft Project Vulnerability

New Mimecast research demonstrates how CVE-2020-1322 potentially impacts Microsoft Project– included in the Microsoft Office suite – that can lead to unintended information disclosure. Editor’s note: Thanks to Mimecast Research Labs…

Read More
Threat Intelligence Hub

Malicious Deepfake Technology: A Growing Cyber Threat

Be aware: Attackers now have the capability to clone real people’s voices to increase the success of business email compromise attacks and sway public opinion. Key Points: Malicious actors are using AI-based deepfake audio impersonations to en…

Read More
Threat Intelligence Hub

Mimecast Discovers “3D Office Exploiter,” a Remote Code Execution Vulnerability in Microsoft Office

New Mimecast research demonstrates how CVE-2020-1321 potentially impacts unpatched versions of Microsoft Office for Windows and Mac. Editor’s note: Thanks to Mimecast Research Labs’ Menahem Breuer and Ariel Koren for this discovery. Mimec…

Read More
Email Security

Why Manufacturers Are Under-Prepared for Cyber Resilience

As manufacturers transition to industry 4.0, they are increasingly vulnerable to cyber threats—but they are less prepared than other sectors. Key Points: Manufacturers are increasingly exposed to cybersecurity risks—but a survey shows th…

Read More
Email Security

Steve Wozniak Opens Up at the Mimecast Cyber Resilience Summit

The Apple co-founder shares his views on innovation, AI, cybersecurity, business ethics and giving back to society in a fascinating Q&A with Mimecast CEO Peter Bauer.    Silicon Valley icon discusses how to instill an ethical approach …

Read More
Security Awareness Training

Cyber Awareness Training Helps Defend Users from Brand Spoofing Attacks

Users may be more likely to fall for phishing emails that appear to come from trusted brands. Regular awareness training can help transform them into eagle-eyed threat detectors. Key Points: Bad actors often send email messages that impersonate bran…

Read More
Archive and Data Protection

Why E-discovery Is Now a Ubiquitous Requirement

Runaway growth in data, together with increasing regulation and workplace litigation, are making e-discovery a universal requirement among all sizes of organization. Key Points: The enormous expansion in business data, combined with the prevalence o…

Read More
Brand Protection

On Your DMARC: Protecting MS 365 Email Users from Phishing Scams

DMARC is a very effective way to protect Microsoft 365 users from phishing and other email-based scams. However, the protocol can be difficult to implement; third-party tools can help. Key Points: Email is easy to spoof and MS 365’s enormous c…

Read More
Email Security

How Cybersecurity Automation Transformed ZeroFOX’s SOC

Internally sharing info on how the cybersecurity automation software works enables SOC analysts to cut work down from days to hours—or even less. Key Points: Research shows cybersecurity automation is on the rise, despite obstacles like a shor…

Read More
Security Awareness Training, Security Awareness Training

Mimecast Voices: Bryan Vermes

Editor's note: This is the second article in a series of profiles featuring Mimecasters sharing their personal experiences with, and perspectives on, prejudice and marginalization and what actions people can take to better support their colleagues in…

Read More
Security, Email Security, Brand Protection

Using AI to Fight Domain Spoofing for Online Brand Protection

As long as it’s easy for bad actors to spoof brand domains and create fake websites, they’ll keep doing it. But AI-based online brand protection tools can help fight brand exploitation outside the perimeter. Key Points: Domain spoofing i…

Read More
Security, Email Security, Brand Protection

Why Online Brand Protection Is Important for Small Businesses

Small businesses may think they’re unlikely to suffer from online brand impersonation, but no company is immune to the threat. Key Points: Online brand impersonation is a widespread problem that can damage a company’s reputation and caus…

Read More
Security, Web Security

Remote Working Makes Web Security Vital

As pandemic-spurred remote working becomes a permanent arrangement for many organizations, cloud-based web security gateways help to safeguard a distributed workforce and enforce compliance.   Key Points: Although increases in remote working we…

Read More
Archiving, Archive and Data Protection

Ready or Not, Here Comes California’s Data Privacy Law

Businesses worldwide face a July 1 deadline to comply with the California Consumer Privacy Act (CCPA). If your organization isn’t ready, now is the time to start. Key Points: On July 1, California begins to enforce the strictest data privacy l…

Read More
Security, Web Security

Security’s “New Normal”: Remote Working Supercharges the Shift to Cloud Security

451 Research analyst Scott Crawford describes how IT organizations will increasingly leverage cloud security to safeguard more widely distributed people, assets, and networks. Key Points: The long-term increase in remote working and the growth in co…

Read More
Email Security, Archive and Data Protection, Microsoft 365

Critical IT Continuity Planning for a Secure Microsoft 365 National Health Service

As the UK’s National Health Service embraces Microsoft 365 security and productivity services, there are lessons from WannaCry and Exchange Online downtime for protecting critical national infrastructure. In a time when effective healthcare has…

Read More
Archiving, Archive and Data Protection

Get Ready to Play Offense On E-Discovery

The cost and disruption of e-discovery—particularly email discovery—are spiraling up. Play offense on e-discovery to manage those fire drills instead of letting them manage you. Key Points: IT departments are constantly forced to react t…

Read More
Security, Email Security

Why Email Security Never Seems to Improve, and What You Can Do About It

While security organizations spend billions per year to improve email security, the problem seems to be getting worse faster than it is getting better. Learn about the 7 main reasons this is the case and what you can do to improve your organization&r…

Read More
Security, Email Security, Brand Protection

Why DMARC is Essential for Online Brand Protection

DMARC helps stop bad actors delivering malicious emails that appear to come from your brand’s domain. It helps ensure every email received by your brand’s customers, employees, or anyone else, is authentic. Key Points: Email is as vulner…

Read More
Security Awareness Training

Mimecast Voices: Jennifer Odogwu

Editor's note: This is the first in a series of profiles featuring Mimecasters sharing their personal experiences with, and perspectives on prejudice and marginalization, and what actions people can take to better support their colleagues in this era…

Read More
Email Security, Threat Intelligence Hub

Ransomware Attack Leaves Honda Stuck in "Park"

A large-scale ransomware attack on Honda Motor Co. halts manufacturing operations, highlighting the need to better protect business critical systems. Key Points Honda announced a ransomware attack crippled operations in multiple countries, causing …

Read More
Security, Email Security

Ransomware Returns With A New Twist: Pay Up or We’ll Publish

Ransomware attacks have become larger and more sophisticated—and hackers are increasingly stealing sensitive information and threatening to publish it unless the ransom is paid. Key Points: More ransomware attacks are stealing sensitive inform…

Read More
Security, Brand Protection

Companies Wake Up to The Value of DMARC for Online Brand Protection

Backed by DMARC and State of Email Security 2020 data, soaring uptake of DMARC worldwide suggests that organizations are recognizing the value of the standard to combat brand impersonation in phishing emails. Key Points: The number of domains using …

Read More
Security, Email Security, Coronavirus

The Impact of COVID-19 on Cyber Security Insurance

Cyber threats are surging as employees work from home due to the COVID-19 pandemic, prompting cybersecurity insurers to reassess companies’ security measures—and potentially raise premiums. Key Points: Rising threats and an increase in r…

Read More
Continuity, Archive and Data Protection

Are You Overlooking Email Business Continuity in Your Cloud Migration?

It’s easy to take email continuity for granted, especially when using a cloud-based service. But an outage can undermine productivity and security. Here are some tips for maintaining email business continuity. Key Points: When an email system …

Read More
Security, Email Security

Why Cybersecurity Never Seems to Improve, and What You Can Do About It

Security defenses are improving, but cybercriminals move faster than defenders, and the attack surface seems broader than ever. There are five reasons why enterprise security is so challenging. Why does it seem that the security profession is continu…

Read More
Continuity, Archive and Data Protection

Cloud Productivity Platform Security: Re-imagining Your IT Resilience Strategy for a Post-Pandemic Society

Cloud productivity suites are booming in the Covid-19 era while cybercriminals continue to adapt to the new attack surface. Here’s a resilience mindset view on how to securely manage the risks of moving the cloud. Amid the tumult of 2020, there…

Read More
Security, Brand Protection

Understanding Online Brand Exploitation and Its Consequences

Online brand exploitation is a very real—and complex—cybersecurity issue. A multi-faceted online brand protection strategy can help brands protect themselves and their customers. Key Points: Brand exploitation is a highly complex—a…

Read More
Email Security, Security Awareness Training

Creative Hiring Can Help Solve the Cybersecurity Skills Shortage

Hiring people from non-traditional backgrounds may help you solve the chronic shortage of cybersecurity skills, while bringing in fresh perspectives that can enhance cyber resilience. Key Points: A more creative approach to hiring can help address t…

Read More
Email Security

Want Cyber Resilience? Integrate Email Security into Your SIEM

Integrating email security data with Security Information and Event Management (SIEM) systems can help organizations respond faster to attacks and increase cyber resilience. Key Points: Email is an excellent early warning system for cyberattacks, be…

Read More
Email Security, Microsoft 365

Defense in Depth for Microsoft 365

Microsoft Office 365 has some good email security features, but also some significant vulnerabilities. A defense in depth strategy can compensate for these weaknesses, and create a more secure email environment. Key Points: Microsoft offers several …

Read More
Email Security

Credential Theft via Email Phishing: Its Rise, Risks, and Solutions

Credential theft is rampant and dangerous—but you can protect your organization and users by taking steps to stop email phishing attacks and password reuse. Key Points: Credential theft continues at extremely high levels as malicious actors ta…

Read More
Email Security, Brand Protection

Making Sure Your Third-Party Email Services use DMARC

Third-party email services help businesses conduct essential communications. They may also open the door for malicious email impersonation attempts.   Key Points: Many organizations use valuable third-party services to regularly communicate wit…

Read More
Brand Protection, Zone 3, TI+Ecosystem

Shoring Up Brand Protections in the Age of Domain Spoofing

Cybercriminals leverage the trust and digital reputations that online brands have fostered to further their malicious email spoofing and domain spoofing activities. Which are the most impersonated brands on the internet? While the answer varies a bit…

Read More
Email Security, Brand Protection

Why Government Organizations Need DMARC

Cybercriminals often spoof government email addresses. Enforcing DMARC can help governments protect citizens—and workers—from malicious email impersonation attempts. Key Points: Governments increasingly rely on email to communicate with …

Read More
Threat Intelligence Hub, Coronavirus

Threat Intelligence Briefing: Attackers Target Employees Returning to Work—and Increasingly Turn to Non-Traditional Attack Vectors

Key Points: Attackers are shifting focus to target employees returning to work. Non-traditional attack vectors, including vishing and deepfake audio, are on the rise. Mimecast detected a spike in attacks on healthcare organizations, with malicious …

Read More
Email Security, Threat Intelligence Hub

Sharing Threat Intelligence Among Best-of-Breed Security Tools

Cybersecurity tools need to share threat intelligence, using open Application Programming Interfaces (APIs), to effectively defend against cyberattacks.  Key Points: Even the best security tools cannot adequately defend the organization when th…

Read More
Email Security

The Growing Risk of Gift Card Scams

Business email compromise (BEC) scams that involve gift cards usually aren’t very sophisticated—but employees often still fall for them. Key Points: Gift card scams are a growing form of business email compromise attack that thieves use …

Read More
Threat Intelligence Hub, Coronavirus

Be Aware: Tax Scam Season in the U.S. is Extended This Year

Tax scams appear every spring—but the threats will persist longer this year because the U.S. filing deadline has been extended to July 15, 2020. Key Points: Because tax filing deadlines have been pushed back this year due to the COVID-19 pande…

Read More
Threat Intelligence Hub

New Threat Intelligence Report: 100 Days of Coronavirus

The global spread of COVID-19 has created many new opportunities for threat actors since the novel coronavirus began gathering widespread attention at the end of 2019. To provide a clear picture of how malicious actors are exploiting those opportunit…

Read More
Email Security

Business Email Compromise (BEC) Attacks: The Top Cause of Payment Fraud

Business email compromise was the #1 source of payment fraud attempts on U.S. organizations in 2019, according to the Association for Financial Professionals. Key Points: 75% of organizations suffered business email compromise (BEC) attacks last yea…

Read More
Archive and Data Protection, Coronavirus

Business Continuity in the Age of Novel Coronavirus

Q&A with business continuity expert Ross Jackson, VP, Organizational Resilience, for Mimecast: what’s working well, what’s weak, what’s coming, what needs a rethink. Key Points: Large companies with mature business continuity p…

Read More
Threat Intelligence Hub, Coronavirus

Threat Intelligence: Awareness Training Reduces Unsafe Clicks Amid Coronavirus Cyber Threats

New data demonstrates the power of security awareness training in helping to prevent unsafe behavior. Employees that don’t use awareness training are 5.2x more likely to click on bad links. Key points: Consider refreshing security awareness t…

Read More
Security, Security Awareness Training

Managing Cyber Risk: Shore Up Your Weakest Link with Awareness Training!

No matter how awesome your cyber risk management program is, it can all go to hell in a single click without equally great employee awareness training. Key Points: Clicking bad links and opening infected attachments causes breaches. A combination of…

Read More
Threat Intelligence Hub, Coronavirus

Healthcare Organizations Attacked by Coronavirus-Related Ransomware

Healthcare providers on the front line of the COVID-19 pandemic now also face the threat of catastrophic ransomware attacks delivered via coronavirus-themed emails. Key Points: Hospitals and other medical providers are facing a growing volume of ran…

Read More
Threat Intelligence Hub, Coronavirus

Threat Intelligence Briefing: Surging Spam and Impersonation Attacks Drive Increasing Coronavirus Cyber Threats

Spam and impersonation attacks have surged to the top of the list of cyberattack vectors driving a significant increase in overall malicious activity and unsafe user behavior, based on Mimecast’s analysis of cyberthreats during the first 100 da…

Read More
Coronavirus

The Mental Risks of Working and Learning in Isolation

Technology enables remote work while social distancing. A UK National Health Service (NHS) psychiatrist discusses how technology is redefining her work, people’s lives, and the risks we all face. Key Points: Mental health specialists are emplo…

Read More
Security, Email Security, Coronavirus, Coronavirus

Enhancing VPNs for Secure Remote Work During the Coronavirus Pandemic

To support an increase in remote working due to COVID-19, it may be necessary to scale up your VPN services and take extra steps to ensure all employees have secure network access. Key Points: For many organizations, the dramatic increase in remote …

Read More
Threat Intelligence Hub

Emotet-as-a-Service: A Serious New Cyber Threat

Highly sophisticated cyber criminals are hosting Emotet services, letting far less competent attackers distribute their malware with this powerful tool. Key Points: Malware-as-a-service (MaaS) has emerged as a highly efficient way to distribute mali…

Read More
Threat Intelligence Hub, Coronavirus

Threat Intelligence Briefing: Increasingly Sophisticated Coronavirus Cyberattacks Exploit Lapses in User Awareness

We’re continuing to observe an extraordinary level of coronavirus-related malicious cyber activity exploiting employees’ confusion and fear, with increasingly sophisticated and targeted attacks contributing to a rise in unsafe user behavi…

Read More
Security, Email Security, Coronavirus

Coronavirus Response Disrupts Healthcare Data Privacy and HIPAA Compliance

Healthcare data privacy and security are moving targets amid the coronavirus response, as telehealth use skyrockets and governments relax health privacy and data protection rules. Key Points: The coronavirus pandemic has catalyzed at least three maj…

Read More
Coronavirus, Coronavirus

Why Today’s Remote Workforce May Be Permanent

Malcolm Harkins is a member of the Cyber Resilience Think Tank, and a guest writer for Cyber Resilience Insights.  The changes to work – not just your new home office, but also the constant contraction/expansion of the economy –…

Read More
Security, Email Security, Coronavirus

Will Increased Phishing Move You to Multi-factor Authentication Email Security?

Multi-factor authentication can play an important role in keeping remote workers—and your corporate network—secure during the COVID-19 crisis, if you let it. Key Points: As employees go home to work by the millions, bad actors see a huge…

Read More
Security, Threat Intelligence Hub, Coronavirus

Threat Intelligence Briefing: Skyrocketing Coronavirus Cyber Attacks

We’re continuing to see an unprecedented level of malicious activity as the COVID-19 pandemic unfolds, with threat actors shifting their focus to prey on the latest evolving anxieties of people who are working at home or self-isolating due to h…

Read More
Security, Threat Intelligence Hub

Microsoft Excel Encryption Vulnerability Paves the Way for Malware

Editor’s note: Thanks to Mimecast Threat Center’s Doron Attias and Tal Dery for this discovery. Microsoft Excel’s standard file encryption capabilities can be used to obfuscate and deliver malware. Mimecast Threat Center researchers…

Read More
Security, Email Security

Beyond OSI Layer 7: Carbon-based Vulnerability and Business Risk

Sam Curry is a member of the Cyber Resilience Think Tank, and a guest writer for Cyber Resilience Insights.  The Open Systems Interconnection model (OSI) for computer communications has roots in the 70s and early 80s and uses a 7-layer ab…

Read More
Security, Email Security, Coronavirus

When Chaotic Systems Collide: The Dance Between Biology and Cybersecurity

Sam Curry is a member of the Cyber Resilience Think Tank, and a guest writer for Cyber Resilience Insights.  Author Yuval Noah Harrari in Sapiens highlights an important distinction between types of chaotic systems: first order systems can be ex…

Read More
Security, Email Security, Threat Intelligence Hub, Coronavirus

Coronavirus Phishing Attacks Speed Up Across the Globe

Unsafe clicks from COVID-19-themed email phishing attacks nearly double in recent weeks; Mimecast blocks up to 5,000 URLs related to the Coronavirus a day—37x what we blocked in January. Security professionals in organizations attempting to per…

Read More
Security, Email Security, Threat Intelligence Hub, Coronavirus

Threat Intelligence Briefing: Cybercriminals Weaponizing Keywords in Coronavirus Phishing Attacks

Coronavirus Phishing Attacks and Domain Registrations Increase Dramatically This week’s Global Cyber Threat Intelligence Weekly briefing was the first in an ongoing series of interactive web sessions from Mimecast with the mission of helping c…

Read More
Archiving, Archive and Data Protection, Coronavirus

Cloud Collaboration Tools Show Leadership in Business Continuity

After initial business continuity ‘hiccups,’ cloud collaboration tools bounce back with surprising resilience; they focus on core functions, letting peripheral functions lag. Key Points: Millions of new remote workers swarm onto cloud co…

Read More
Security, Email Security

Business Email Compromises Causes U.S. Companies to Lose $1.7B

The FBI says business email compromise is now the biggest cause of cybercrime financial losses for U.S. organizations. But ransomware attacks are also on the rise again.  Key Points: &n…

Read More
Security, Email Security, Threat Intelligence Hub, Coronavirus

Beware of Quickly-Evolving Coronavirus Email Phishing Attacks

Cyber criminals continually morph COVID-19 phishing scams to exploit what people are most anxious about at any given moment. Key Points: As every organization you’ve ever touched emails to let you know their coronavirus plans, email phishers a…

Read More
Coronavirus

Mimecast Continues Coronavirus Preparedness and Response

To help prevent the spread of COVID-19 and help keep our communities safe throughout the globe, last week Mimecast suspended all cross-border travel, limited domestic travel and advised employees to postpone events with 15 or more people. At tha…

Read More
Web Security, Coronavirus

10 Steps To Maintain Web Security (And Sanity) While Working From Home During Coronavirus

Governments across the globe have put extreme measures in place to limit the spread of coronavirus, prohibiting large public gatherings, closing schools and day care facilities, and encouraging “social distancing” to keep new coronavirus…

Read More
Awareness Training, Security Awareness Training, Threat Intelligence Hub, Coronavirus

Cyber Awareness: Top 3 Steps to Combat Cyber Disruption, Chaos and Profiteering

By now, COVID-19, or coronavirus, has likely dominated conversations and elicited new behavior at work, school, and home, given the rapid spread. But while we shift daily life and routines, the threat intelligence landscape is shifting as well: thre…

Read More
Security, Email Security, Coronavirus

Mimecast’s Preparedness and Response to Novel Coronavirus (COVID-19) Pandemic

Our hearts go out to everyone who has been affected by the COVID-19 virus in any way.  The health and safety of our employees, customers and partners and their families is one of our deepest concerns during this time. As the virus continues to s…

Read More
Security, Coronavirus

HIMSS: Coronavirus Cancellation a Hiccup or Opportunity for Healthcare Security?

As many of you know last Thursday HIMSS announced it was “clearly necessary to cancel the 2020 HIMSS Global Health Conference & Exhibition following the many reports from the World Health Organization (WHO) and the Cent…

Read More
Threat Intelligence Hub

New Cyber Threat Intelligence Report Reveals the Rise of Emotet

The Mimecast Threat Center launched the Threat Intelligence Report: RSA Conference Edition today, finding a 145% increase in attack campaigns across the globe from October to December. Researchers believe the increase can be attributed to Emotet&rsq…

Read More
Security, Email Security, Web Security

How to Address Cybersecurity Vendor Acquisitions

How to Address Cybersecurity M&A in Your Security Environment The role of cybersecurity and the overall importance of ensuring CISOs have a seat at the table for the acquisition process in its entirety is well documented; the value of data and t…

Read More
Security, Email Security, Threat Intelligence Hub

Tax Identify Theft is Increasing During Tax Season

With the 2020 tax season underway, cybersecurity analysts are seeing an increase in the number of impersonation attacks focused on stealing personal information through voice phishing, texts, and email. According to the Daily Mirror and other news s…

Read More
Security, Threat Intelligence Hub

Microsoft Issues Windows CryptoAPI / CVE-2020-0601 Patch

In the first Patch Tuesday of 2020, Microsoft has released a new patch for a serious Windows vulnerability, CVE-2020-0601, or the Windows CryptoAPI Spoofing Vulnerability. The vulnerability has grave implications for machines running 32- or 64-bit W…

Read More
Security, Email Security, Threat Intelligence Hub

Criminals Target American Infrastructure with Phishing and Malware

Enterprise networks throughout the United States are experiencing an escalation of phishing and malware attacks orchestrated by technologically advanced criminal groups around the world. With the intent of stealing data, profitin…

Read More
Security, Threat Intelligence Hub

Mimecast Discovers MDB Leaker: Microsoft Access Vulnerability CVE-2019-1463

The Security Implications of an Apparent Memory Leak in the Microsoft Access Database Editor’s note: Thanks to Mimecast Research Labs’ Ofir Shlomo and Tal Dery for this discovery. In January 2019, Mimecast Research Labs discovered and …

Read More
Security, Brand Protection

4 Requirements to Protect Your Brand Against Exploits

The increasingly digital global economy has created a “perfect storm” for cyber attackers. As our reliance on websites and email to interact with organizations has grown, so too has the opportunity for criminals who are increasingly prey…

Read More
Archive and Data Protection

How to Cut the Cost of E-discovery

Many organizations could significantly lower their e-discovery costs with risk-oriented upfront planning, better data management and an automated e-discovery solution. Key Points: Sharp increases in data production, compliance requirements and lawsu…

Read More
Email Security, Security Awareness Training, Microsoft 365

Email Account Takeover Protection Strategies for Microsoft 365

Here’s how to extend your email security strategy for rapid detection and remediation of threats inside the perimeter of your Exchange Online cloud-based gateway. Email account takeover attacks are hardly new but as cloud services surge in popu…

Read More
Threat Intelligence Hub

Bad Actors Target Media Industry with Impersonation Attacks

Impersonation attacks to spread disinformation through the media rose dramatically during the first half of 2020. Key Points: Email impersonation attacks on news organizations and publishers have been steadily rising throughout 2020. Some of this i…

Read More
Brand Protection

Getting to p=Reject, Mimecast’s Internal DMARC Project: Part 2

A DMARC project goes well beyond just DNS administration; team structure and proper owned domain discovery, categorization, and prioritization will ensure a smooth journey to p=Reject. In my first blog on Mimecast’s internal DMARC project, I la…

Read More
Security Awareness Training

Better Security Measures May Reduce Cyber Insurance Premiums

Fortifying your security with better controls, greater employee awareness, and a formal security budget could also lower your cyber insurance premium. Key Points: To help outsource their security risk, more companies are purchasing cybersecurity pol…

Read More
Threat Intelligence Hub

Phishing Kits: Saturating the Threat Landscape

High volume spam and phishing attacks are the new normal. Battling the onslaught requires awareness and a strategy. Key Points: Cybercriminals are using sophisticated phishing kits and automation to take cybercrime to a new level. Phishing kits prod…

Read More
Security Awareness Training, Threat Intelligence Hub

Discussing Cybersecurity with the Board

To win support and resources from their corporate board, cybersecurity professionals need to focus more on reducing business risk and less on technical metrics. Key Points: Cybersecurity execs need the backing of the board to secure the resources th…

Read More
Email Security, Web Security

Artificial Intelligence in Cybersecurity: Where are We on the Technology Adoption/Hype Cycle?

You likely have noticed how prevalent artificial intelligence (AI) and its related terms such as machine learning, neural networks, and big data analytics have become in the last several years in the world of cybersecurity. Doesn’t it make sens…

Read More
Security Awareness Training

Mimecast Voices: Gugu Tshangela

Editor's note: This is the third in a series of profiles featuring Mimecasters sharing their personal experiences with, and perspectives on prejudice and marginalization, and what actions people can take to better support their colleagues in this era…

Read More
Threat Intelligence Hub

Microsoft Teams Notification Spam Exposes Phishing Risk

Google Firebase exploit highlights risk of third-party development tools and potential phishing risks of new messaging platforms Reports from around the world today saw Microsoft Teams users receiving unexpected notifications on their devices –…

Read More
Email Security

Integration Can Help Your Cyber Resilience SOAR

Open APIs help today’s advanced SOAR systems deliver the automated threat response needed to reduce mean time to mitigation and remediation, and improve cyber resilience. Key Points: Careful but widespread automation is the only way security o…

Read More
Threat Intelligence Hub

The Cybersecurity Threat to UK Healthcare

National Cyber Security Centre (NCSC) advisories and open source media reporting have identified cybercriminal groups targeting individuals, SMBs, and large enterprises, including those in the healthcare sector, with COVID-19 related scams and phishi…

Read More
Brand Protection

Brand Safety and IP Infringement in the Digital Era

Since the rise of digital marketing, criminal hackers have infringed a large and diverse number of brands’ copyrights, trademarks and IP, creating a skyrocketing need for a culture of brand protection. Editor's note: This is the first in a seri…

Read More
Email Security

Managing Security with a Lean Team

Post-Covid security teams are lean, and getting leaner. To meet a rising threat level, they need to revisit what they do and how they do it. Key Points: Six stratagems can help CISOs meet the challenge of lean security in a post-Covid world. Promoti…

Read More
Brand Protection

BIMI May Boost Brand Safety—and Email Open Rates

Emerging standard specification ties brand logos to legitimate domains. It could increase trust in email and help people avoid phishing scams. Key Points: BIMI is an emerging email specification that appears to be making progress, with Google recent…

Read More
Threat Intelligence Hub

The Power of Predictive Threat Intelligence

Refocusing threat intelligence from identifying who is behind an attack to predicting what type of attack will occur is a better way to counter cyber threats. Key Points: The traditional approach to threat intelligence– centered around attribu…

Read More
Archive and Data Protection

EU-U.S. Data Privacy Shield Is Invalidated: Now What?

With the EU-U.S. Privacy Shield for data transfers up in the air, companies worldwide face a shifting and confusing privacy landscape full of unknowns. Key Points: Europe’s top court recently invalidated a key rule governing the flow of data b…

Read More
Threat Intelligence Hub

More than Meddling: Phishing Email Scams Exploit Political Brands

Businesses now face growing risk from phishing email attacks that prey on people’s political opinions, mirroring the COVID-19 cybercrime surge that preyed on fear.  Key Points: Cybercriminals’ two favorite techniques are to exploit …

Read More
Email Security, Archive and Data Protection

Ransomware Death Paints an Ugly Future for Cyber Crossfire Liability

Civilian lives are at risk as critical national infrastructure organizations around the world are slow to counter the growing ransomware threat. The first known death from a cyberattack has been widely reported after a hospital in Düsseldorf was…

Read More
Brand Protection

Monitoring Can Help Keep Your Brand Safe From Search-Ad Phishing

Search-ad phishing is yet another cybercriminal activity that threatens brand safety – yet many marketers are still unaware. Editor's note: This is the second in a series of articles by marketing SVP Alex Bender about brand safety and brand pro…

Read More
Archive and Data Protection

Moving E-discovery to the Cloud

As the volume of digital documentation continues to grow, law firms are struggling to move their archives to the cloud. Key Points The growth in e-discovery has left law firms with terabytes of digital documents that must be preserved. Legal firms i…

Read More
Archive and Data Protection

Latest Microsoft 365 disruption highlights hidden complexity of cloud continuity planning

Global outage affects Microsoft 365 service availability, hampering productivity and communications for organizations around the world. Cloud-based Microsoft applications, including Teams, Office and Outlook, were struck by a worldwide disruption on …

Read More
Archive and Data Protection

Focus on Canada: Data Privacy Policy Poised for Change

New data privacy laws are coming in Canada. Businesses have lots of suggestions, but the debate will take months to reach an outcome. Key Points: Canada’s federal government and provinces are developing new data privacy laws. Changes are in st…

Read More
Email Security, Archive and Data Protection

Ransomware Wave Crashing U.S. Systems

A tidal wave of ransomware attacks is inundating the U.S., exploiting a lack of cyber resilience at many of the country’s bedrock institutions. Key Points: A ransomware strike has crippled UHS, an $11.4 billion Pennsylvania-based health system…

Read More
Security Awareness Training

How To Make Cybersecurity Awareness Training Stick

October is National Cybersecurity Awareness Month – a time to evaluate, refresh or kickstart a program to help employees adhere to their organization’s security policies. National Cybersecurity Awareness Month (NCSAM) is a joint effort b…

Read More
Brand Protection

It’s Marketing’s Job to Keep Brand-Loyal Customers Safe Online

Marketers' brand safety strategies should expand to embrace online brand impersonation in collaboration with corporate cybersecurity teams. Key Points: Online brand impersonation is rampant, and cybercriminals regularly trick brand-loyal customers i…

Read More
Security Awareness Training

If You Connect It, Protect It

When everything and everyone are always connected, a fundamentally different approach is needed for cybersecurity. Key Points: Most companies today are just one click away from cybersecurity disaster. Four steps can help cybersecurity professionals …

Read More
Security Awareness Training

Canada Gets Out the Cybersecurity Awareness Message

Part of a global movement, Canada’s annual Cybersecurity Awareness Month is a broad public education campaign about the threat posed by cybercrime. Key Points Cybersecurity Awareness Month, an annual public awareness campaign, kicked off in Ca…

Read More
Email Security

AI vs. AI: Now, AI is Required for Your Business’ Cyber Resilience

Cybercriminals are using AI to boost ransomware, email phishing scams and other attacks. Cybersecurity leaders must also deploy AI to enhance their cyber resilience. Key Points: A range of bad actors are incorporating AI capabilities into their deve…

Read More
Email Security

Broadcom Alternatives: Five Email Security Strategies for Symantec Customers

Osterman Research’s report shows how Symantec customers are faring and explains their email security choices now that the Broadcom acquisition is long since closed. Key Points: Tech giant Broadcom closed their acquisition of Symantec’s e…

Read More
Security Awareness Training

Cybersecurity and the New Work from Home Normal

Now that work from home is the new normal, security professionals need to reassess how they are managing their organization’s cybersecurity risk. Key Points: COVID-19 has made remote work from home the new normal. Security professionals need t…

Read More
Archive and Data Protection

Focus on Canada: Cross-Border Data Privacy in the Crosshairs

Shifting data privacy laws and regulations could change how Canadian companies can use U.S.-based cloud services and data processors. Key Points: New policies concerning data residency and localization may affect how Canadian companies share data wi…

Read More
Email Security

Security Incidents in Healthcare And What You Can Do About Them

The Healthcare Industry continues to fall victim to ransomware at alarming rates. Security awareness training can help. Doesn’t it seem that in the last few months there has been a flood of security incidents and breaches hitting the global he…

Read More
Brand Protection

Amazon Prime Day: Primetime for Cybercriminals

Cybercriminals took advantage of this year’s Amazon Prime Day to rev up credential harvesting, phishing attacks and brand impersonation. Is this a precursor to the upcoming holiday shopping season?  It is no secret that cybercriminals lov…

Read More
Email Security

Defending AI in the Adversarial Environment

AI — in cybersecurity and in general — is vulnerable to adversarial attacks. Here’s why, plus some defense strategies to increase your cyber resilience. Key Points: Organizations and their cybersecurity functions are increasingly d…

Read More
Security Awareness Training

Cybersecurity Awareness Training Can Help Mitigate the Risk of Personal Use on Company-Issued Devices

Mimecast-sponsored research of more than 1,000 businesspeople with company-issued devices finds that 73% of employees regularly use their work device for personal activities. Because the pandemic has moved workforces across the globe into home office…

Read More
Security Awareness Training

Focus on Canada: Is Lax Cyber Training Making Canada a Target?

Canada conducts less cybersecurity awareness training than other countries. It also attracts far more phishing attacks. Key Points: Canadian companies conduct less cybersecurity awareness training than their counterparts in other countries. Canada i…

Read More
Email Security

Crowdstrike-Mimecast Integration Boosts Enterprise Cybersecurity

Organizations need deep email threat intelligence that is integrated with endpoint detection so identification, prevention and responses to threats are connected, orchestrated and automated. Key Points: Most organizations use a combination of SIEM a…

Read More
Archive and Data Protection

Data Privacy Is on the Ballot in U.S. Elections

Elections in California and across the country could rewrite data privacy laws and revive national data privacy legislation now circulating on Capitol Hill.  Key Points: Californians are poised to vote on Proposition 24, which would strengthen …

Read More
Email Security

FBI Warns of Healthcare Ransomware: What Hospitals Can Do

Like wearing a mask and washing your hands, following a few proven cybersecurity best practices can boost resilience to ransomware for all organizations. Key Points: Surging ransomware attacks continue to target healthcare facilities. Cybersecurity …

Read More
Email Security, Threat Intelligence Hub

Threat Intelligence Briefing: Pandemic Fallout Strains Cybersecurity and Resilience

All organizations’ cybersecurity resilience is in greater peril as the global COVID-19 pandemic continues to add to and reshape cyber risk. Key Points: Pandemic fallout such as businesses accelerating their cloud migrations, more work from hom…

Read More
Email Security

Companies Large & Small Consider 5G Opportunities — and Cyber Risks

5G networks are rolling out worldwide, and many companies could end up running their IT networks on 5G. But can they make 5G LANs cyber resilient? Key Points: Wireless network operators are racing to build out a global 5G network. Companies stand to…

Read More
Email Security

AI and Cybersecurity: The Need for a New Mindset

As the use of advanced AI in cyberattacks increases, cybersecurity organizations must get more creative to outsmart the bad guys. Key Points: Cyber adversaries are increasingly adept and creative in the application of AI to fuel their attacks. Incor…

Read More
Archive and Data Protection

COVID-19 and the Dire Need for E-Discovery

The COVID-19 pandemic has created new legal risks that make e-discovery more valuable than ever. Key Points:                       &nbs…

Read More
Email Security, Brand Protection

Getting to p=Reject, Mimecast’s Internal DMARC Project: Part 3. Job Done?

Mimecast’s now completed DMARC project highlights examples of attacks that were stopped using a combination of DMARC, for the email portion of the attack, and Mimecast’s Brand Exploit Protect for the malicious website detection and takedo…

Read More
Email Security, Threat Intelligence Hub

Anatomy of a Sustained BEC Attack on Microsoft 365 Users

Cyberattackers lurked in victims’ Microsoft 365 email accounts for months, first to divert $15 million, and then to prevent detection of their email compromise. Key Points: A recent global business email compromise campaign, now under investig…

Read More
Archive and Data Protection

Mimecast Cloud Archive Named Leader in 2020 Gartner EIA Magic Quadrant

For the sixth consecutive year, Mimecast Cloud Archive clinched a spot in Gartner’s Enterprise Information archiving Magic Quadrant. Here’s why we earned it and where we’re going next. Cloud archiving is of growing importance, and o…

Read More
Email Security

Cyberattacks Grow More Targeted in the Time of COVID

The pandemic has changed business and workplace dynamics, and bad actors are using these changes to pursue new avenues of attack. Key Points: Cybergangs are playing off of the anxiety and confusion surrounding COVID-19 to launch more insidious threa…

Read More
Archive and Data Protection

Elections Change Outlook for U.S. Data Privacy Policy in 2021

National privacy policy is on the agenda in Washington, a stricter California policy is approved by voters, and other states are poised to act. Key Points: Many businesses favor a national privacy policy rather than patchwork state policies. The inc…

Read More
Security Awareness Training, Brand Protection

Black Friday in the Time of COVID Threatens Cyber Resilience

Cybersecurity awareness training is key to security and resilience as more employees shop at home on corporate-issued devices. Key Points: Holiday shopping is always a focus for cybercriminals, but the risk is worse in 2020 because more people are w…

Read More
Email Security

Bad Guys with Good Algorithms: 5 Ways Cybercriminals Can Exploit AI

The bad news is cybercriminals are leveraging AI to supercharge their attacks. Learn how they do it in order to build better cybersecurity defenses. Key Points: AI is emerging as a driver of new, more advanced cybersecurity threats. Bad actors can h…

Read More
Security Awareness Training

9 Ways to Build a Robust Cybersecurity Culture

Effective cybersecurity requires a pervasive organizational culture where everyone knows what to do and is committed doing it. Key Points: Creating a culture of cybersecurity requires honest, plain-English communication that motivates people around …

Read More