Study finds big companies are not protecting against phishing attacks
A study of top companies in the United States, United Kingdom and Australia has found a majority have not yet implemented basic protections designed to protect against phishing attacks.
More specifically, they haven’t embraced Domain-based Message Authentication, Reporting and Conformance, or DMARC, which can help detect and prevent phishing, a method of impersonating people whom targets know so that the targets let down their defenses.
The research, from email security firm Agari Data Inc., found that 92 percent of U.S. Fortune 500 companies have left their customers, partners and brand names vulnerable to domain name spoofing and that conversely, only 8 percent of companies have implemented a full level of appropriate DMARC protections.
DMARC is an email-validation system designed to detect and prevent email spoofing, which is forging an email header so it looks like the message is from a legitimate source. It is designed to combat certain techniques often used in phishing and email spam. DMARC is claimed to virtually eliminate domain name spoofing and its associated attacks and is supported by major email providers, including Google Inc., Microsoft Corp. and Yahoo Inc.
By the numbers, only 39 of the Fortune 500 are enforcing DMARC with a quarantine or reject policy. An additional 124, or 24 percent, have adopted a DMARC policy that monitors but does not prevent domain name spoofing. The remaining 337 companies have done nothing at all.
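The three groups above (quarantine or reject, monitor only, nothing published) can be reproduced for any list of domains by reading the TXT record at `_dmarc.<domain>`. The following is an added example, not code from Agari or the study; the function names and the sample records are constructed for illustration, and the parsing rules follow RFC 7489 in simplified form.

```python
from collections import Counter

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: a record that does not start with v=DMARC1 is discarded.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Classify the TXT strings found at _dmarc.<domain>."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    # No DMARC record, or more than one, means receivers apply no policy.
    if len(parsed) != 1:
        return "no-policy"
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "enforced"
    if policy == "none":
        return "monitor-only"
    # Missing or invalid p=: receivers fall back to p=none only when a
    # reporting address is present (URI syntax is not validated here).
    return "monitor-only" if tags.get("rua") else "no-policy"

def tally(domains):
    """Count domains per bucket; `domains` maps name -> list of TXT strings."""
    return dict(Counter(classify(records) for records in domains.values()))

# Constructed sample data using reserved .example names.
SAMPLE = {
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@reject.example"],
    "quarantine.example": ["v=DMARC1; p=quarantine"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "spf-only.example": ["v=spf1 -all"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "missing.example": [],
}

if __name__ == "__main__":
    for bucket, count in sorted(tally(SAMPLE).items()):
        print(f"{bucket}: {count}")
```

Only the "enforced" bucket tells receiving mail servers to quarantine or reject messages that fail authentication; a "monitor-only" record produces reports but leaves spoofed mail deliverable.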
Across the pond, the numbers don’t get any better. Only one company listed on the Financial Times Stock Exchange 100, the U.K. stock market index, has implemented a full DMARC quarantine spam folder policy, and only 6 percent have implemented a DMARC reject policy. Two-thirds have not published any DMARC policy at all. The numbers in Australia are just as bad, with 73 percent of companies listed on the Australian Stock Exchange 100 having no DMARC policy in place.
“DMARC is an essential tool that helps prevent spam, phishing and data loss,” Shehzad Mirza, director of operations of Global Cyber Alliance, said in a statement. “GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.”
Agari Executive Chairman Patrick Peterson noted that the problems are preventable using DMARC. “It is unconscionable that only 8 percent of the Fortune 500, and even fewer government organizations, are protecting the public against domain name spoofing,” he said.