UPDATED 23:19 EDT / AUGUST 23 2017


Study finds big companies are not protecting against phishing attacks

A study of top companies in the United States, United Kingdom and Australia has found that a majority have not yet implemented basic safeguards against phishing attacks.

More specifically, they haven’t embraced Domain-based Message Authentication, Reporting and Conformance, or DMARC, which can help detect and prevent phishing, in which attackers impersonate people the targets know so that they let down their defenses.

The research, from email security firm Agari Data Inc., found that 92 percent of U.S. Fortune 500 companies have left their customers, partners and brand names vulnerable to domain name spoofing and that conversely, only 8 percent of companies have implemented a full level of appropriate DMARC protections.

DMARC is an email-validation system designed to detect and prevent email spoofing, which is forging an email header so it looks like the message is from a legitimate source. It is designed to combat certain techniques often used in phishing and email spam. DMARC is claimed to virtually eliminate domain name spoofing and its associated attacks and is supported by major email providers, including Google Inc., Microsoft Corp. and Yahoo Inc.

By the numbers, only 39 of the Fortune 500 are enforcing DMARC with a quarantine or reject policy. An additional 124, or 24 percent, have adopted a DMARC policy that monitors but does not prevent domain name spoofing. The remaining 337 companies have done nothing at all.
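The tiers counted above correspond to the `p=` tag of the TXT record a domain publishes at `_dmarc.<domain>`. The sketch below is an added example, not code from the article or from Agari: it sorts a domain's TXT strings into those tiers; the category names and the sample records are constructed for illustration, and the parsing is a simplified reading of RFC 7489.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the tag dict for a DMARC TXT string, or None if it is not one."""
    tags = {}
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None  # malformed tag, not usable as a DMARC record
        tags.setdefault(name.strip().lower(), value.strip())
    # The version tag must come first; its value is case-sensitive.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return None
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to an enforcement tier."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "no-record"      # nothing published at all
    if len(records) > 1:
        return "invalid"        # receivers discard multiple DMARC records
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    if policy == "none":
        return "monitor-only"   # reports are sent, spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100               # unparsable optional tag falls back to its default
    # pct below 100 applies the policy to only a share of failing mail.
    return policy if pct >= 100 else "partial-" + policy

if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    samples = {
        "no-dmarc.example": ["v=spf1 -all"],
        "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
        "rollout.example": ["v=DMARC1; p=quarantine; pct=25"],
        "enforced.example": ["v=DMARC1; p=reject"],
    }
    for domain, txt in samples.items():
        print(domain, classify(txt))
```
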

Across the pond, the numbers don’t get any better. Only one company listed on the Financial Times Stock Exchange 100, the U.K. stock market index, has implemented a full DMARC quarantine spam folder policy, and only 6 percent have implemented a DMARC reject policy. Two-thirds have not published any DMARC policy at all. The numbers in Australia are just as bad, with 73 percent of companies listed on the Australian Stock Exchange 100 having no DMARC policy in place.

“DMARC is an essential tool that helps prevent spam, phishing and data loss,” Shehzad Mirza, director of operations of Global Cyber Alliance, said in a statement. “GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.”

Agari Executive Chairman Patrick Peterson noted that the problems are preventable using DMARC. “It is unconscionable that only 8 percent of the Fortune 500, and even fewer government organizations, are protecting the public against domain name spoofing,” he said.
