The benefits of deploying DMARC, an email security protocol meant to prevent email spoofing, the primary method used by hackers to transmit phishing emails and BEC scams, are still being overlooked by businesses worldwide.
According to a report that analyzed the DMARC policies deployed with 21,075 commercial and government domains, almost 79.7% do not use it.
The survey, conducted by email security and analytics firm 250ok, looked at domains from Fortune 500 companies, the US government, the China Hot 100, the top 100 law firms, international nonprofits, the SaaS 1000, education, e-commerce, and financial services, among other industries.
Because of the protocol's importance, the poll focused on DMARC adoption.
WHAT IS DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, reporting, and conformance protocol that runs on top of email servers that support the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
DMARC allows email server administrators to set policies that can detect when an incoming email "From:" address isn't what it appears to be.
It's the finest tool firms have right now for recognizing faked emails that appear to originate from an employee or contractor but are actually sent by a threat actor attempting to impersonate a legitimate sender.
DMARC ADOPTION STILL VERY LOW
Even though DMARC has been there for a long time, businesses are still not using it.
Because hackers can easily make their emails look convincing and pass them off as official communications, most businesses are still vulnerable to BEC attacks, phishing emails, and other types of email scams.
Although DMARC has been there for a long time, businesses are still not using it.
Because hackers can easily make their emails look convincing and pass them off as official communications, most businesses are still vulnerable to BEC attacks, phishing emails, and other types of email scams.
According to a November 2018 Agari research, half of Fortune 500 organizations support DMARC; however, only 13% of those companies have set up DMARC rejection policies, implying that the DMARC protocol was installed but not used to prevent spam, phishing, and scams from faked domains.
A quarter later, in February 2019, the percentage of Fortune 500 organizations actively using DMARC policy had risen to 15%. This was a modest increase, but it was still insufficient, as it left hundreds of the world's largest corporations vulnerable to cyber-attacks.
DMARC ADOPTION IN CHINA LAGGING BEHIND
According to a recent 250ok poll, Fortune 500 businesses utilizing DMARC policies have increased to 23%. However, it is still quite low.
The SaaS 1000 sector, according to 250ok experts, had the best adoption, with 46 percent of enterprises utilizing DMARC.
The US government sector was another domain with a high level of DMARC policy acceptance, although not all of it.
In October 2017, the Department of Homeland Security (DHS) released Binding Operational Directive (BOD) 18-01, which directed US federal entities to apply a set of web and email security procedures, including DMARC.
According to 250ok, the US government's executive branch appears to have taken the BOD seriously since 81.5 percent of.gov domains utilize a DMARC policy to prevent faked emails.
The legislative and judicial branches, on the other hand, were seriously behind in terms of DMARC adoption, with only 17.3 percent and 13.0 percent of their domains implementing DMARC policies to prevent faked emails, respectively, leaving government employees vulnerable.
However, DMARC is not frequently used outside of SaaS companies and some.gov domains. Furthermore, 250ok researchers discovered the lowest adoption rate in China, where only 6.5 percent of surveyed organizations used DMARC rules to protect against faked emails.
"While most Chinese people have email addresses, they prefer to communicate through one of their local social media platforms, such as WeChat or SMS, according to Quartz.com. This would further corroborate the notion that email is not a priority for enterprises or consumers in the region, and it would shed more light on the general lack of email authentication uptake."
TANGIBLE BENEFITS ABOUND
While installing DMARC can be challenging because it also requires SPF and DKIM, the benefits to businesses that do so are substantial.
According to the FBI, BEC scams, the most common kind of cybercrime last year, cost US businesses approximately $1.3 billion in 2018.
In contrast, according to a report released in October 2018 by the Global Cyber Alliance, DMARC adoption helped organizations prevent losses from BEC schemes ranging from $19 million to $66 million in 2018.
While DMARC is difficult to set up, once it is, it can help businesses protect themselves from one of today's most common forms of cybercrime.
DMARC may not be a panacea for all sorts of cybercrime, but it can significantly reduce hackers' toolkits by eliminating "email spoofing."
Source: https://cyber-security-information.blogspot.com/2021/08/dmarcs-abysmal-adoption-explains-why.html
In order to protect customers from "fake Domino's phishing attacks," Domino's Pizza Enterprises has deployed domain-based message authentication, reporting, and conformance (DMARC).Back in early 2020, the quick-service restaurant (QSR) operator stated its security team reviewed "all-important email domains used by the firm and third-party partners to determine how email was being handled.
"Domino's said in a sustainability report issued today that "the team then implemented specific DMARC records that clearly identified who could send emails on our behalf."
[pdf]“This was then monitored, before progressing to ensure only external systems with approval from Domino’s could send emails on our behalf.”The DMARC installation was finished in March 2021, according to the pizza Enterprises, “protecting and verifying more than 51 email domains and more than 144 million emails per month.”“The project protects not only our customers and the public, but also the Domino’s brand, and increases the likelihood genuine Domino’s emails will be delivered,” the company said.“It's important that when a customer receives an email purporting to be from Domino's, it's sent by our teams, not by someone posing as Domino's - a major problem in the online retail world.”The DMARC project was part of a larger set of security initiatives undertaken by Domino's over the past year, some of which are still ongoing.In the financial year just gone, Domino’s said it conducted “data mapping exercises” across the group to improve security and governance protections for sensitive data.The company also made sure that administrative accounts and “those that have access to large volumes of data” had multi-factor authentication enabled.It also started work on a business continuity planning and disaster recovery programmer aimed at “identifying those systems, services, and data that are critical to the running of our company and work, as well as a risk mitigation programmer for any risks that may occur.”On top of protecting outbound emails, Domino’s said “more than 10 million online ordering customer accounts were protected this year from account takeover attacks”.It also said it processed 60 million security ‘insights’ every day, “generated from more than 26 different systems and services that we log and monitor.”It added that machine learning is used to triage these event notifications to aid its security operations team.
Every year first Thursday of May month is celebrated as World Password Day.
It celebrated first in 2013.
This day reminds everyone to keep a good habit of password hygiene or change your password more often in a year.
Due to the unresolved crisis from the starting of COVID-19, cybersecurity service provider like Sattrix Information Security have become more attentive regarding the protection of identity and access management of the remote workforce.COVID-19 was started to spread in the world in February 2020 and the 2nd wave effect is still going on in many countries like India, UAE, UK, USA, France, Brazil and many more.
Many countries in the world have caught in the hands of hackers from this COVID-19 themed attack.
2020 is become a historic year on the earth not only for pandemic waves, but also for several cyberattacks.For more details:- https://medium.com/sattrix-cyber-security-solutions/world-password-day-be-online-safe-and-secure-92165910be6d
MailSafi is exclusively built for teams and organizations that depend on business communication.
It is designed to simplify business email management for organizations running on-premise email systems and those that host their emails on shared hosting platforms.
This is achieved by systems and features that increase email reliability, email security, team collaboration and email uptime thus helping business decision makers take control of how email is used across the organization.Official Website: http://www.mailsafi.com/
Business owners often have to send sensitive information via email.
These emails can include things like financial records, personal identity documents and contact information of employees.
It is important that these emails are sent securely so they don’t fall into the wrong hands of cybercriminals.
