As the shining lights of the information security industry descend on London, Red Sift, a data-driven cybersecurity platform, has uncovered the disconcerting reality that three quarters of these industry leaders are falling short on essential email authentication measures, leaving their trusted brands open to email spoofing.
Red Sift analysed the DMARC records for exhibitors’ primary email domains and found that of the 372 security solutions vendors busily advising users on cybersecurity best practice at this year’s Infosec, 74% aren’t taking the right steps to implement DMARC and protect their own domains from email fraud. This ‘oversight’ is made all the more pertinent given recent research from Cofense (who, for the record, holds valid DMARC records) revealed 91% of cyber attacks start with email impersonation.
DMARC might be the ugly duckling of the (comparatively) glamorous cybersecurity world, but it’s an essential protocol that has been lauded by the National Cyber Security Centre as the most effective defence against email impersonation and therefore phishing. Red Sift used the annual Infosec event to look for evidence of DMARC implementation amongst attendees, however the research painted a faintly embarrassing picture:
Fail: 74% of exhibitors do not have DMARC in place
Must try harder: 9 organisations have tried to implement DMARC but have been unsuccessful
Valiant effort: 17% have implemented DMARC at the monitoring level – fraudulent emails will still make it to the inbox
Almost there: 4% have implemented DMARC at the quarantine level – fraudulent emails will still make it to the spam/junk folder
Hooray! 5% have implemented DMARC at the reject level – fraudulent emails are stopped at the gateway
“Infosecurity Europe is one of the highlights of the cybersecurity calendar. We’re star struck to be in such prestigious company, which is why our DMARC discovery feels like one of those moments you learn your all-time-hero thinks The Matrix is a documentary!” said Rahul Powar, CEO, Red Sift. “These events are timely reminders for firms to get their own houses in order. Global DMARC adoption is fairly low, which is why we’re here at the event to raise awareness and hopefully inspire more organisations to stamp out this vulnerability.”