Trending in Cybersecurity: April 2017

by Danielle Anderson - Social Media Specialist

Missed the latest news in today’s cybersecurity world? Having trouble keeping up with all the various news stories on ransomware? No problem! Mimecast has got you covered. Our Trending News blog series will bring you up to speed on recent industry news in one place. Check out our top 10 news articles regarding cybersecurity, ransomware and more for the month of April.


1. Ransomers Are Coming for Your Internet-Connected Teddy Bears via New York Post

  • Half a million customer accounts exposed via data breach of internet-connected smart teddy bears.

2. A Phishing Campaign About Nothing via SC Magazine

  • A new email phishing scam sends emails with no text in the email body, just an attachment with malware.

3. Half of All Phishing Attacks in 2016 Targeted Financial Data via eSecurity Planet

  • According to a Kaspersky Labs report discussed in this article, half of phishing attacks aimed at stealing victims’ money.

4. Phishing: Draining the Corporate Bottom Line via Computer World

  • Robert C Covington explains how the cost of being a corporate phishing victim far outweighs the cost and time of putting a prevention plan in place.

5. More Than 120,000 Affected by W-2 Phishing Scams this Tax Season via CSO

6. What’s the Difference Between State-Backed Hackers and Cybercrime Gangs? Nothing At All via ZD Net

  • As organized cybercrime becomes more sophisticated, businesses now need to worry about more than just government-based hacking groups.

7. Trump Seeks $1.5B for Cybersecurity in FY 2018 DHS Budget via Bloomberg BNA

  • The Department of Homeland Security would receive $1.5 Billion for cybersecurity efforts under President Donald Trump’s budget blueprint for fiscal year 2018.

8. Two Major US Technology Firms ‘Tricked Out of $100M’ via BBC News

  • A man from Lithuania pretended to be a legitimate business partner of two US tech companies via an email phishing scam, ultimately conning the two companies out of $100 Million.

9. Cybercriminals Exploit March Madness Frenzy via Dark Reading

  • Users looking to stream matches during March Madness should beware as malicious phishing activity has increased with fake phishing pages and adware potentially exposing confidential data to hackers.

10. Open-Source Developers Targeted in Sophisticated Malware Attack via PC World

Stay tuned for the next installment of our Trending News blog, keeping you up to date with what's happening in the cybersecurity world!


Dealing With Email Disruptions

by David Hood - Director, Technology Marketing, Mimecast

April 3, 2017

Mimecast recently completed a global survey on Exchange Online and the general importance of email across organizations with between 250 and 10,000 email users. We found that email continues to be the primary communication channel at these companies, with 98% of respondents saying they use email.


I like to joke that 2% must be lying as I can’t imagine a business today not relying on email. Mimecast also found that 87% of organizations view email as critical, underscoring the need to make sure a plan B exists for when a primary mail server experiences a disruption.

Complete email disruptions are infrequent but have a large impact on a business, especially if the disruption occurs during working hours and during critical periods such as the end of the month.

Planning for a continuity event or disruption is relatively easy, provided the right solution is in place to act as a secondary delivery path and the proper communication to employees has been set up. Mimecast’s goal of making email safer for business includes the necessary planning tools and technology to make this possible.

In terms of planning, it’s important to remember that primary server disruptions can happen for a host of reasons, whether the server is running on-premises or in the cloud. For cloud services, problems can be a local disruption that takes a few tenants offline or a broad event that impacts a region. In March, Microsoft and Office 365 had a couple of reported web service outages. For on-prem servers, surprise events do happen, and planned events such as migrations and upgrades can also take email offline for a period of time.

Regardless of the reason, communicating with employees is key so proper expectations are set and any alternative methods for continuing to send and receive email are well understood. Mimecast recommends establishing a pre-event checklist (which is provided to customers in the Mimecast Continuity Planning Manual) for a potential email disruption and ensuring that the organization has satisfied all requirements. This should include an “off email” communication channel to notify employees if there is an issue. It’s easy to overlook this simple step!

With the pre-event checklist in place, organizations should test the plan and solution regularly. It’s important to remember that to be successful, an email continuity solution will need to incorporate technology, administrator and employee actions. Planning and testing will facilitate coordination of all three.

Mimecast recently added Continuity Event Management (CEM) features to make coordinated activity and continuity response even easier. CEM allows administrators to monitor inbound and outbound mail flow to quickly identify latency or delivery problems. Triggered alerts are sent to administrators via SMS or another email address and a one-click continuity portal drives down RTO. Mimecast includes the ability to communicate with employees via SMS to provide event specific instructions. These new features as well as the Mimecast for Outlook, mobile, Mac and web apps keep administrators and employees working during mail server outages.

By combining the necessary planning, employee communication and solutions, Mimecast makes email more resilient regardless of whether a customer is on-prem or using a cloud service like Office 365.




The Benefits of Cloud Migration

by David Hood - Director, Technology Marketing, Mimecast

March 28, 2017

The Great Migration

Microsoft Office 365 offers a compelling business case to organizations - trade resource intensive on-premises infrastructure and software for services managed by Microsoft and delivered from the cloud. The rate of adoption tells us the benefits are attractive. In fact, recent Mimecast research finds that 99% of Office 365 users are receiving some benefit from the service.*

The research also uncovered some very interesting information regarding how businesses with between 250 and 7,500 email users are making the move to the cloud with Office 365. First, the survey found that 58% of companies were using Exchange Online with another 29% planning to in the next twelve months. For those thinking about how many employees to move up to the cloud, our research finds that the average is about 70% of the total email users. I believe this shows the importance of hybrid environments, an area that Office 365 has proved its supremacy over other cloud collaboration solutions.

Given that for most organizations, not everyone will be on Office 365, our research set out to find the other mail servers being used. Not surprisingly, many flavors of Exchange on-prem were in use with the following breakdown.

What other email service provider does your organization currently use?

  • Exchange 2016
  • Exchange 2013
  • Exchange 2010
  • Google Apps
  • IBM Lotus Domino
  • Exchange 2007



How are orgs getting to the cloud?

With a large number of organizations already moving to the cloud and many others considering Office 365, it’s interesting to look at how companies are making the transition. Mimecast research finds that about one third of companies are using a cutover migration while two thirds are opting for a hybrid migration. Hybrid migrations are generally less risky as users can be switched over a longer time period with a safe fallback position to on-premises if something should go wrong. Organizations making the move are also keenly aware of the need to port archived email to the cloud. 9 in 10 organizations have already or plan to move existing mail to the cloud.


Migration Concerns

In addition to what migration approaches most companies are using, Mimecast wanted to find out what the top concerns were when making the move from on-premises email. I guess not surprisingly, 6 in 10 were most concerned about downtime during the migration, especially considering that over 85% view email as critical to their organization. One surprising stat was that in the event of an Office 365 disruption, almost half of the organizations said they would just wait for Microsoft to restore the service while the other 50% would look to a third party for help with email continuity. It’s obvious which employees would be more productive!

Other top concerns for the migration include security concerns of senior employees’ email privacy, on-premises system requirements for sending email and the overall impact to employee productivity.

Interested in learning more about how Mimecast can help ease the transition to Office 365 and make email safer for business? Check out the ebook, Confidently Move Your Email To The Cloud.

*The research is based on a survey with 600 CIOs, IT directors or IT managers in the US, UK, South Africa and Australia. Research was conducted by Vanson Bourne between October and December 2016.



March 24, 2017

If you think DMARC – Domain-based Message Authentication, Reporting & Conformance – is the solution to defend against email spoofing, impersonation or business email compromise attacks, you would be only partially correct. It helps but doesn’t by itself solve the entire problem.

Overall, these social-engineering-heavy, impersonation-type email attacks have become a key go-to method for cybercriminals, helping them reap by some estimates billions of dollars of ill-gotten gains every year. Why are attackers so focused on these types of attacks? It is simple: The returns are good, the cost of entry is low, technical innovations aren’t needed, and the risk of getting caught is negligible.

DMARC, when used in conjunction with other DNS authentication capabilities such as DKIM and SPF, can help stop attackers from spoofing or hijacking the email domains of trusted senders, thus effectively taking away one method attackers use to fool their intended victims. Unfortunately, many organizations don’t support these security standards with the deployments of their email systems. The FTC recently released a study which confirmed this. However, using these email security standards alone will not sufficiently defend your organization from the full variety of malware-less impersonation attacks. Why not?

Unfortunately, attackers are creative. One way around DMARC/DKIM/SPF-oriented security controls is to register and use valid domains which are similar to, but not exactly the same as, your domain or the domain of one of your trusted partners or customers. For example, using instead of the proper as the sending domain for an attack against Mimecast or someone expecting an email from Mimecast. Notice the difference - rn vs. m? is a perfectly valid domain, the fact that it is quite similar to is not an issue for email routing on the Internet, but is a big problem for a person who applies only a cursory glance to the sending domain and has no automated email security controls.

And, of course, there is nothing DMARC can do to stop attackers using free mail accounts to launch their attacks. Most organizations can’t broadly block emails from Gmail, Yahoo, or Hotmail because they are the source of many legitimate emails.

The best solution for protecting your organization from an email impersonation attack is to combine the use of DMARC, DKIM and SPF with Mimecast’s Targeted Threat Protection – Impersonation Protect, so inbound messages can be analyzed to determine their validity before being delivered to the users’ inbox. Inspecting the content of the email for keywords (wire transfer, W-2, credit card etc.) in combination with the validity and newness of the sending domain, the accuracy of the display and reply-to name, in conjunction with using DMARC and family of email security standards, can provide a strong defense against malware-less, email-borne impersonation attacks.
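The signals listed above can be combined in a small inbound check; the following is an added example, not Mimecast's code or part of the original post. It shows a message that passes DMARC yet is flagged on a look-alike domain (rn for m), display name, reply-to and keywords. The domains `acme.example`, `acrne.example` and `freemail.example`, the name, the confusables table and the finding labels are all constructed assumptions, and domain age is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values: protected domain, VIP name and sample message are assumptions.
PROTECTED = {"acme.example"}
VIP_NAMES = {"jane doe"}
KEYWORDS = ("wire transfer", "w-2", "credit card")  # keywords the article lists
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse look-alike character sequences so 'acrne' and 'acme' compare equal."""
    d = domain.lower()
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d

def imitates(domain):
    """Return the protected domain that `domain` visually resembles, or None."""
    hits = (g for g in PROTECTED if skeleton(g) == skeleton(domain))
    return None if domain in PROTECTED else next(hits, None)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def findings(raw):  # impersonation signals present in one raw message
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].lower()
    dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    out = []
    if re.search(r"\bdmarc=pass\b", msg.get("Authentication-Results", "")):
        out.append("dmarc-pass")  # the look-alike domain authenticates as itself
    if imitates(dom):
        out.append("lookalike:" + imitates(dom))
    if name in VIP_NAMES and dom not in PROTECTED:
        out.append("display-name-impersonation")
    if reply_dom and reply_dom != dom:
        out.append("reply-to-mismatch")
    if any(k in msg.get_payload().lower() for k in KEYWORDS):
        out.append("keyword")
    return out

SAMPLE = """\
Authentication-Results: mx.acme.example; dmarc=pass header.from=acrne.example
From: "Jane Doe" <jane.doe@acrne.example>
Reply-To: jane.doe@freemail.example

Please process the wire transfer today.
"""
```

Running `findings(SAMPLE)` returns every signal, including `dmarc-pass`, which is the point of the passage: a passing DMARC result does not make the sender trustworthy.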

Unfortunately, most organizations have not adopted these types of sophisticated email security controls whether at the domain registry or individual mail inspection level. However, as more businesses adopt email security technologies such as DMARC/DKIM/SPF, the level of protection will increase for everyone on the Internet. Adding DMARC to Mimecast’s security portfolio helps our customers better protect their email domains as well as filter and flag any unauthenticated senders, which leads to improved security for all Mimecast customers.

To learn more about Mimecast’s DMARC implementation in particular and DNS Authentication policies, please check out this document in the Mimecaster Central community.