New research into the DMARC status of every exhibitor at Europe’s leading infosec event reveals that almost two-thirds are failing to stop scammers from sending emails that impersonate these ‘secure’ brands.
“Look, we know from our own customers that this protocol hasn’t been straightforward to deploy and maintain, so we’ve woven this defence mechanism into an automated application, taking the onus off single employees to install and manage,” said Rahul Powar, co-founder and CEO of Red Sift. “But it is a basic security protocol that everyone in the industry should be getting right – protecting your customers and partners against phishing attacks should surely rate higher on your list than attracting customers to the wildest stand at Olympia this week.”
Red Sift analysed the DMARC records for exhibitors’ primary email domains and found that of the 401 exhibitors peddling the latest technology solutions and most lucrative media partnerships, only 13% had executed DMARC at the fullest protection, meaning potential phishing emails can be stopped at the gateway, or redirected to the junk folder. But that leaves a shameful 87% risking the theft of their customers’ identity, money or data.
“Just to remind everyone, 91% of cyber attacks start with a phishing email, so why is the very industry that’s supposed to be defending against one of the greatest threats to our global economy ignoring this fundamental protocol that can stamp out phishing?” continued Powar. “Simply put, it’s negligent, more so when you consider government agencies are mandated to have DMARC in protection mode, and many vendors will find themselves caught short when one of these departments demands this protocol to be in place before an RFP is even considered.”
The embarrassing state of DMARC adoption in the information security world:
Fail: 46% of exhibitors do not have DMARC in place
Must try harder: 19% have tried to implement DMARC but have been unsuccessful
Valiant effort: 22% have implemented DMARC at the monitoring level – fraudulent emails will still make it to the inbox
Hooray! 13% have implemented DMARC at the protection level – fraudulent emails are stopped at the gateway or diverted to the spam folder
Red Sift is at Infosecurity Europe, London, 4-6 June 2019 at stand S159.
Research methodology: Red Sift conducted the analysis of the 401 companies (using primary email domains) exhibiting at Infosecurity Europe 2019 on 28 May, 2019.
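As an added example (not Red Sift's tooling or methodology), the sketch below sorts the TXT records found at `_dmarc.<domain>` into the four tiers listed above. The mapping of tiers to record states is an assumption based on the RFC 7489 policy values (p=none, p=quarantine, p=reject); the sample records are constructed, and the DNS lookup is left out so the code runs offline.

```python
import re

# Assumed mapping from record state to the release's four tiers.
TIERS = {"none_published": "Fail", "invalid": "Must try harder",
         "monitoring": "Valiant effort", "protection": "Hooray"}

def parse_tags(record):
    """Split 'k=v; k=v' into a dict; return None on a malformed tag."""
    tags = {}
    for part in record.strip().split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep or not key.strip():
            return None
        tags.setdefault(key.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Classify the TXT strings published at _dmarc.<domain>."""
    candidates = [r for r in txt_records
                  if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", r)]
    if not candidates:
        # Assumption: any other TXT at _dmarc (e.g. a typo'd version tag)
        # counts as a failed attempt rather than "no DMARC".
        return "invalid" if txt_records else "none_published"
    if len(candidates) > 1:
        return "invalid"  # RFC 7489: more than one record means no policy
    tags = parse_tags(candidates[0])
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "protection"  # junk folder / stopped at the gateway
    if policy == "none":
        return "monitoring"  # reports only, mail still delivered
    return "invalid"         # strict audit: missing or unknown p= value

# Constructed sample data, not real exhibitor domains.
SAMPLES = {
    "a.example": [],
    "b.example": ["v=DMARC1; p=nonee; rua=mailto:dmarc@b.example"],
    "c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@c.example"],
    "d.example": ["v=DMARC1; p=reject; pct=100"],
    "e.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

def report(samples=SAMPLES):
    """Return {domain: tier label} for each audited domain."""
    return {d: TIERS[classify(recs)] for d, recs in samples.items()}
```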
About Red Sift
Red Sift is a data-driven cybersecurity company on a mission to democratise the technology vital for organisations of any size or sector to defend against security threats. With a platform based on machine learning technology, Red Sift offers users a dashboard of tools – from network monitoring to email analysis and authentication – designed to safeguard users and brand reputation.
Founded in 2015 by serial entrepreneurs Rahul Powar and Randal Pinto, Red Sift is headquartered in London, UK, and boasts an impressive client roster including TransferWise, Telefonica, Action for Children, and top UK law firms.
Find out how Red Sift is delivering actionable cybersecurity insights to its global customers at www.redsift.com.