Insider Threat Protection: How Organizations Address the Inevitable
 

At Mimecast we are blessed to have more than 33,000 customers for our email security, archiving, web security and security awareness training services. And staying connected and engaged with these customers is key to our mutual success. But how best to do this?

TechValidate

While there is no one way, the latest tool in our customer connection arsenal is using a specialized surveying tool called TechValidate. Using TechValidate we can engage with customers on specific topics and Mimecast services they are using to hear directly from them what is going well and where there are opportunities for improvement.

Recently we conducted a TechValidate survey on the topic of internal email threats and the Mimecast Internal Email Protect service.

What are Internal Email Threats?

Internal email threats are threats or unwanted emails that are generated internally and sent to other internal email users or outbound to customers or business partners. Internal threats can be initiated from user accounts that have been compromised by cyberattackers, initiated by careless internal users, as well as in some cases, promulgated by malicious internal users.

How Organizations Deal with the Challenges of Insider Threats

In this survey we delved into the topic of internal cyber threats as well as customers’ specific perspectives on our Internal Email Protect service. The results were enlightening:

• For starters, internally-generated email represents the majority of email traffic at most organizations, with 46% of respondents noting that 51%-75% of their overall email traffic is internally generated. It follows that if you aren’t inspecting and securing your internally generated email traffic you are missing a key threat vector.
• 51% of respondents’ organizations have experienced credential harvesting attacks in the last 12 months! This shows how prevalent this cyberattack type is. If you are using a single factor of authentication (UIDs with passwords) there is an excellent chance that threat actors are already logging-in to your internal systems, such as your email.
• The two primary reasons organizations deployed Mimecast Internal Email Protect were to address attackers using stolen credentials to access their email and spread the cyberattack, and to improve their monitoring of internal and outbound email.
• Most organizations using Internal Email Protect have between zero and five IT security folks on staff, demonstrating that it’s a cybersecurity service that fits well with “lean” IT security organizations.
• More than half of all respondents estimated their monthly time savings from using Internal Email Protect to be between one and 20 hours per month.

How Mimecast Can Help Protect Against Insider Threats

Staying close to customers is central to the Mimecast culture and way of being. But doing so across more than 33,000 organizations requires multiple techniques, both direct and personal, as well as online (via the Mimecaster Central Community for example), and via broader and more automated techniques such as TechValidate-based surveys. All of these are important mechanisms for enabling mutual success.