INFRA
INFRA
INFRA
Study finds big companies are not protecting against phishing attacks
A study of top companies in the United States, United Kingdom and Australia has found a majority have not yet implemented basic protections designed to protect against phishing attacks.
More specifically, they haven’t embraced Domain-based Message Authentication, Reporting and Conformance, or DMARC, which can help detect and prevent phishing, a method of impersonating people that targets know so they let down their defenses.
The research, from email security firm Agari Data Inc., found that 92 percent of U.S. Fortune 500 companies have left their customers, partners and brand names vulnerable to domain name spoofing and that conversely, only 8 percent of companies have implemented a full level of appropriate DMARC protections.
DMARC is an email-validation system designed to detect and prevent email spoofing, which is forging an email header so it looks like the message is from a legitimate source. It is designed to combat certain techniques often used in phishing and email spam. DMARC is claimed to virtually eliminate domain name spoofing and its associated attacks and is supported by major email providers, including Google Inc., Microsoft Corp. and Yahoo Inc.
By the numbers, only 39 of the Fortune 500 are enforcing DMARC with a quarantine or reject policy. An additional 124, or 24 percent, have adopted some DMARC policy protections that monitors but does not prevent domain name spoofing. The remaining 337 companies have done nothing at all.
Across the pond, the numbers don’t get any better. Only one company listed on the Financial Times Stock Exchange 100, the U.K. stock market index, has implemented a full DMARC quarantine spam folder policy, and only 6 percent had implemented a DMARC reject policy. Two-thirds percent have not published any DMARC policy at all. The numbers in Australia are just as bad, with 73 percent of companies listed on the Australian Stock Exchange 100 having no DMARC policy in place.
“DMARC is an essential tool that helps prevent spam, phishing and data loss,” Shehzad Mirza, director of operations of Global Cyber Alliance said in a statement. “GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.”
Agari Executive Chairman Patrick Peterson noted that the problems are preventable using DMARC. “It is unconscionable that only 8 percent of the Fortune 500, and even fewer government organizations, are protecting the public against domain name spoofing,” he said.
Image: Agari
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
