    Almost 19 percent of phishing emails bypass Microsoft Defender

    Check Point Software is one of the world’s best-known and largest infosec companies. In September 2021 they acquired email security company Avanan and recently they updated Check Point’s initial 2020 research about the email security effectiveness of Microsoft 365 and Defender.

    The report is very good and strikes the right tone. They start out by saying: “In general, Microsoft 365 is a very secure service. That is a result of a massive and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise.

    “What this report does note is the challenge that Microsoft has. As the default security for most organizations, many hackers think of email and Microsoft 365 as their initial points of compromise. A good example of how hackers focus on Microsoft 365 comes in a series of blogs from Microsoft that details the attempts of a state-sponsored group to compromise their services.”

    Hackers have stepped up their game.

    Microsoft is the most used and most targeted email service in the world. After a thorough analysis of nearly three million emails, Check Point found that at the moment Microsoft Defender misses 18.8% of phishing emails. Their previous 2020 analysis showed 10.8 percent of phishing emails reaching inboxes, so Defender’s missed phishing rate has increased by 74 percent. This represents not a decline in Microsoft’s effectiveness, but rather an increase in targeted attacks designed directly to bypass Microsoft. Hackers, in other words, have stepped up their game.

    Another interesting finding in the report showed that Defender sends seven percent of phishing messages to the Junk folder, so they can still be accessed by the user and possibly clicked on.

    It’s not all bad news though

    There are several areas where Defender does quite well. For example, it catches 90 percent of unknown malware, and it’s also good at spotting attacks that spoof DMARC. Only 2.5 percent of those make it through to inboxes. It also does quite well with Business Email Compromise, with only 2 percent getting through.

    However…

    When financial-based phishing attacks have been specifically crafted to bypass Defender, it misses 42 percent of them. This category includes things like fake invoices and bitcoin transfers. Brand impersonation is another popular method hackers choose to bypass Defender, and 22 percent of these emails get through. In addition, 21 percent of credential harvesting attacks get through to users’ inboxes.

    Missed phishing rate higher in larger organizations

    The missed phishing rate is also higher in larger organizations, reaching between 50 and 70 percent. This is despite security operations center staff in large businesses devoting a large percentage of their time to email issues. One large company studied saw 910 reported phishing emails within one week, yet the IT team could only remediate 59 of these, or less than seven percent.

    Defender vs. Secure Email Gateways

    In another study analyzing 300 million emails, Check Point found that Microsoft is in the middle of the pack compared to the rest of the competition, in this case, Secure Email Gateways. For every 100,000 emails, Microsoft’s catch rate of phishing emails is better than some Secure Email Gateways and worse than others. The report compares Avanan, Mimecast, Google, Proofpoint and Barracuda. To get the report, start with this article at Betanews. (Registration required.)

    SEGs are only part of the picture

    It is important to keep in mind that none of these SEGs stops phishes that use any medium other than email (and maybe web-based social engineering using content filtering). They don’t catch SMS phishes, voice-call phishes, social media phishes, WhatsApp phishes, tailgating, and so on.

    Even if some magic solution came into being that solved the email phishing issue (highly unlikely), all organizations would still have to manage the ongoing social engineering problem. That’s why KnowBe4 trains your users about social engineering in general as the overall threat and how to defeat it REGARDLESS of the medium.
