Kathy Gibson is at the Mimecast Cyber Resilience Summit – In a rapidly-evolving threat environment, organisations still have to balance next-generation security with compliance.

In the battle to stop bad things from happening, companies have had to layer on masses of different technologies that don’t necessarily work together, says Christina van Houten, chief strategy officer at Mimecast.

Often these systems are only partly configured – or not at all. And they are not necessarily designed for compliance, she adds.

Mimecast is adding to its solutions to create an extended security platform that embeds various defence and intelligence services, Van Houten says.

The threat is real – organisations are under attack from all sides, with their email often the ingress point for various threat actors.

Mimecast recently released its latest Threat Intelligence Report: Black Hat Edition, which covered the period April to June 2019 with almost 160-billion emails processed and 67-billion emails rejected.

“We saw that 67-billion emails displayed highly malicious attack techniques,” says Francis Gaffney, director of threat intelligence and response at Mimecast.

“Impersonation attacks showed a significant increase, with attackers using social engineering techniques to target individuals for fast and easy financial gain.

“A large number of known malware attacks were also observed, with Microsoft Excel emerging as the most popular file type for distributing malicious activity.

“Forty percent of threats detected used Excel files, while file types associated with Microsoft Word were seen in nearly 15% of threats.”

The report also found that threat actors are becoming more organised, and now implement subscription and as-a-service based business models to deliver malware, reducing their work while improving their return on investment.

Spam email was found to be used extensively as a conduit to distribute malware, with professional education emerging as the most targeted sector for spam, thanks in part to constantly changing student populations that are unlikely to have high security awareness.

Attacks on management and consulting firms and the biotechnology sector accounted for 30% of all impersonation attacks.