The State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Azizi Developments is the real estate investment arm of Azizi Group. Established in 2007, the company’s diverse experience in the property market has enabled it to expand to include a portfolio worth over AED 45 billion in the Emirate of Dubai. Due to the company’s growth and success, unfortunately this has made it a frequent target of cyber attacks in general and phishing scams in particular.
In late 2017 Azizi Developments set about tackling the situation by appointing a Head of Cyber Security, Ankit Satsangi. Satsangi was initially tasked with improving the protection of the company’s network, datacenters, servers, assets and data. He and his team set up a Security Operations Center enabling improved detection, prevention and incident response. They also initiated the Human Firewall project, grounded in providing security awareness training for Azizi Developments’ hundreds of employees.
Previously the company was being bombarded by phishing attempts each day, and they were increasing in number and sophistication. Azizi Developments c-suite was a particular target, with impersonation attacks a frequent occurrence. A Microsoft O365 user, Azizi Developments previously had anti-spam/anti-virus tools in place, but not a security tool providing advanced threat protection. The company was spending many hours each week trying to stave off or remedy the impact of phishing attempts.
Satsangi and his team began evaluating email security vendors almost immediately. The key requirements for an email security solution included advanced threat protection, sandboxing of attachments, and comprehensive phishing detection/prevention. GDPR compliance was also a factor, but not a key requirement at the time, as they knew they could put a separate solution in place for that if needed.
“The attachment scanning and sandboxing was really important, because we’d had several incidents of c-suite systems being compromised through malicious email-borne attachments,” says Satsangi. “O365 was not able to block that kind of attack at all.”
The company learned about Mimecast from a local IT partner. After doing some research they found that Mimecast offered the advanced threat protection features Azizi Developments urgently needed. Satsangi ran a Mimecast pilot and came away impressed. “Out of the box, Mimecast had features and capabilities that other vendors couldn’t touch,” recalls Satsangi. “Their detection accuracy, ability to provide focused protection of c-suite profiles, and reporting – we saw brilliant insights in that short POC and knew it was the right solution for us.”
“The reporting dashboards were very intuitive,” he adds. “It was easy to configure everything ourselves, and the executive reporting was great. I was really impressed.”
Satsangi reports that the Mimecast implementation process was simple – it took about 30 minutes. With Mimecast’s help, his team configured the Mimecast gateway in front of the company’s O365 email service, and saw an immediate, massive decline in the volume of unwanted email coming through – a 75 percent reduction in mail overall. “Mimecast was catching a ton of potentially problematic email that O365 had been letting through,” said Satsangi. “It was like turning off a spigot. The difference was enormous.”
Mimecast sandboxes every email attachment and scans it before releasing the email to the user – a highly effective process that takes only seconds but has significantly enhanced email security. Mimecast also helps email users learn how to identify phishing and other malicious emails through user-managed quarantines and periodic web-based reminders to evaluate whether an email or attachment is from a trusted source or not.
The Mimecast service provides Satsangi’s team with detailed reports on exactly which users clicked on bad domains or fell prey to phishing scams, so they can coach those users one-onone immediately. Over time, Azizi Developments’ cyber security team will layer classroom and online training for all email users, to share best practices about identifying and handling malicious email. Mimecast data and reporting will help inform that training – the types needed, and who needs it most urgently.
Satsangi frequently reminds his team, “You can’t protect what you can’t see.” Mimecast provides critical insight and statistics on the number and types of attacks, and the users who clicked on suspicious or malicious emails – data Azizi Developments didn’t have before.
With Mimecast in place acting as an email security gateway, the overall volume of email entering the Azizi Developments network has been reduced by more than 75 percent. The cyber security team spends half as much time dealing with email security issues as it did prior to implementing Mimecast, freeing more time to spend on innovation and preventive measures rather than putting out fires. Mimecast also helps ensure that Azizi Developments email practices are GDPR compliant.
Satsangi reports to the Azizi Developments’ executive team weekly with key cyber security statistics, including the number of incoming email attacks with attachments, the number of overall phishing attacks, the number of users who are trying to engage with malicious content even though it has been defanged, and the reduction in overall attacks. “Everything is trending very well,” says Satsangi.
“We implemented Mimecast in just a half an hour,” notes Satsangi. “Since then, we’ve seen enormous reductions in spam, ransomware, advanced threats, and malicious attachments, and reduced overall email volume by more than 75 percent. I’d say that Mimecast is one of the most effective security solutions I’ve implemented, ever.”
As Coronavirus continues its spread across the globe, the world has changed faster than most of us ever …