Swinburne University of Technology gets some 5.5 million emails a month for students and staff and, says, chief information security officer, Steven Cvetkovic, almost 70 per cent of these are spam, phishing exercises or contain malware.
He told Computerworld that the university had deployed Mimecast’s cloud-based email filtering technology to protect its systems from email borne threats.
“Email security is paramount for most organisations,” he said. “So we had to start looking at how we could reduce that threat.”
According to Verizon’s 2017 Data Breach Investigations Report (DBIR), last year 66 percent of malware was installed via malicious email attachments, and the use of email as a threat vector had grown rapidly that year to supplant other techniques.
“Looking through the lens of DBIR data, web drive-by downloads were the number one malware vector in the 2016 report, but were supplanted by email this year,” Verizon said. “Social actions, notably phishing, were found in 21 percent of incidents, up from just eight percent in the 2016 DBIR.”
Cvetkovic said Swinburne had chosen Mimecast based on the depth and breadth of its capability and its integration with other services the university has implemented to reduce security risk, particularly PhishMe.
“We do a lot of phishing simulations at Swinburne to help raise awareness and we are also looking at updating our firewall and other permitter protection to get better insights to where the threats are,” the CISO said.
“We use PhishMe to simulate internal and external spoofing and we are able to have Mimecast pass those without having to rewrite the URL. This enables us to identify our riskiest people, by faculty, by department and help us to educate them and raise awareness of phishing.”
He said that with Mimecast “close to zero external threats are getting through,” but ones coming from compromised Swinburne email addresses still cause problems.
He said there were almost zero false positives. “We did get a few but working with Mimecast tech support and with the users we have been able to reduce those to the point where we are not getting any,” he explained
Roll out of the service, he said, had been easy: “Mimecast professional services assisted use with out of the box policies and scenarios based on best practice. We applied those and then started looking at how we needed to augment those. Within a week we had it fully implemented.”
Mimecast had enabled Swinburne to better understand the threat landscape and target its security accordingly, he added.
“The level of sophistication [of email attacks] has increased. It used to be a scattergun approach: Sending out as many emails as possible in the hope of catching a few victims.
“Now the cyber criminals are becoming more patient and more sophisticated. They are starting to learn more about a target organisation, to look at the branding of an organisation. The good ones are getting harder to detect.
“Having a product like Mimecast has allowed us to examine the level of sophistication and to respond better. We can see trends in terms of time, sophistication, type of attack: for example whether there is an increase in attempts to seed malware into the network. That allows us to focus on other controls to ensure we have a balanced approach without going over the top.”