Clearly in the category of “hope over experience” some organizations naively believe that moving their email management to the cloud – most often using Microsoft Office 365 with Exchange Online – somehow will magically reduce their email-borne security vulnerabilities. Oops. Sorry, but that definitely is not the case. Unfortunately there is no magic in IT security, only the need for increased vigilance to keep up with the cybercriminals who pivot and innovate as needed to accomplish their goals.
This reality is highlighted by the ongoing crush of ransomware that is hitting organizations now. Mimecast, as a result of our management of the email security for nearly 20K organizations, sees a lot of email. Literally billions of them. And this means we see (and stop) an incredible amount and variety of malware, including ransomware. In fact, in recent months of all the malware we have seen, nearly half was ransomware. And the vast majority of that was one flavor of ransomware – Locky. But of course many other varieties of ransomware also are arriving on a daily basis.
Doesn’t managing email in the cloud somehow make it easier to provide security from email-borne attacks such as ransomware? Easier, yes. But better by default, no. For a taste of this ongoing challenge, check out the recent Cerber ransomware attack on Office 365 customers.
So what should organizations do? Stop moving their email management to the cloud? Absolutely not! Leveraging the cost and convenience benefits of the cloud is definitely valuable/advantageous for most, but organizations should take some of those savings and invest them in a cloud-based security solution that complements and extends the capabilities of their cloud-based email provider. Did you single source your email management and security when you operated on-premises? Why would you do this when moving to the cloud?
Where your email service is hosted doesn’t matter from a security perspective, as ultimately the responsibility for the security against both known and unknown attacks rests with your organization. And attackers are constantly innovating to work around your defenses and thus you need a specialist that constantly innovates right along with them!
Would you like to learn more about how to protect your cloud email client from ransomware attacks? Then click the banner below to download our FREE eBook!