2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
The IBL Group is the largest conglomerate in Mauritius. Formed in 2016, IBL Group was born from the merger of GML and Ireland Blyth Limited, two of the largest conglomerates in Mauritius at the time. Today, IBL Group employs more than 26,000 people in over 280 investment and operational companies, spanning logistics, banking, insurance, finance, retail, hospitality, and many more industries.
With so many businesses and users in its stable, IBL Group wanted an email system that was easy to manage and saw the value in shifting its onpremise email solution to Microsoft Office 365 in the cloud.
“The moment we did that, our attack surface increased substantially,” says Mevin Goonmeter, IBL Group Infrastructure Operations Manager. “At the time we were using the Advanced Threat Protection (ATP) security feature in Office 365, but we saw immediately that it wasn’t enough. As a global enterprise with interests in nearly every industry, we get a lot of attention in the media – which also means a lot of attention from cybercriminals. We could see via our monitoring mechanism that our Office 365 accounts were being continuously targeted with brute force and impersonation attacks that were especially concerning. It was a massive wake-up call for us. We realised we were dangerously under-protected, and we had to act fast.”
Laurent Fayolle, IBL’s Group IT Executive, says the Group wanted more than an out-of-the-box solution from a vendor that they’d never see again.
“We were looking for a partner more than anything else. We didn’t have any cybersecurity governance in place, and we needed a provider that could guarantee a certain level of protection as well as provide a certain level of comfort to the Audit and Risk Committee. They needed to guide us towards the right decisions, configure the system according to our needs, and be prepared to assist whenever we needed it.”
IBL Group found that support in Grove, a Mimecast reseller and partner. “I met with Chad Bartlett from Grove and appreciated that he never once tried to sell me anything. He asked intelligent questions and tried to understand the challenges we faced in the company and the country.
This type of cautious and skilled approach is something I’ve yet to see from most local IT providers. Before we even spoke about solutions, Chad knew that he had to understand our business and challenges.”
Goonmeter says IBL did due diligence on a number of solutions and took their time benchmarking and comparing different options.
After a successful proof-of-concept covering 200 users, IBL Group signed a three-year contract for 2,000 users. It purchased Mimecast’s Secure Email Gateway with Targeted Threat Protection, Continuity, Archiving and Sync & Recover, to improve their cyber resilience. It also adopted Mimecast Awareness Training, Internal Email Protect services, and Grove’s 24/7 Support service.
“Mimecast ticked all the boxes for us: monitoring, reporting, comfort, protection against all kinds of attacks but especially impersonation attacks, alerts, a commitment to research and development, a high level of ethics, and – most importantly – a value-adding service.”
“With Grove and Mimecast it was always about more than the solution,” says Goonmeter. “We felt comforted by the fact that there would be a skilled team looking after our interests and guiding us to make the right decisions. What started out as a scope for protection from external threats and the ability to recover in the event of an attack, expanded to include internal threat protection and user awareness training – services that we weren’t looking for in the beginning but that were proposed by Grove to help us address our challenges.”
IBL Group saw immediate results after implementing Mimecast. “Even when we were in ‘relaxed’ implementation mode, we could already see the benefits in terms of the number of emails and attachments that were being blocked,” says Goonmeter. “Implementation and fine-tuning happened so smoothly and, if there were any issues, Grove addressed them before they became problems. The entire experience was positive and one that we now want to make available to our investment companies.”
An important part of improving their defences was adopting Mimecast Internal Email Protect. “We noticed that quite a few threats came from within our perimeter, which is why we also opted to analyse our internal emails as well. If we were to only protect the business from external threats, we would have only covered a portion of our attack surface, leaving us exposed. We now have full visibility of all emails and the assurance that emails sent between internal users are analysed. Infected emails and/or attachments are automatically removed from users’ inboxes,” says Fayolle.
Both Goonmeter and Fayolle are also excited about rolling out Mimecast Awareness Training. “We haven’t implemented this yet, but I’ve seen the videos and I love the characters – and I’m sure our users will also love the engaging content,” says Goonmeter.
Fayolle notes that security awareness training is a focus area for IBL Group because human error was often part of the attacks. No matter how effective your security technology is employee mistakes still pose a threat to your organisation.
“Irregular sessions and boring ‘death by presentation’ don’t work anymore. Mimecast’s training makes it interesting and will help to increase the level of security awareness across the organisation,” he says. “Users are now responsible for closely inspecting the emails they receive and will be forced to think twice before clicking on a link or opening an attachment from an unknown sender.”