In a recent analysis of SGX top 200 companies, cyber security and compliance company Proofpoint found that 41% have implemented some form of email authentication protocol.
However, only 5% of those companies have adopted the recommended strictest level of Domain-based Message Authentication, Reporting and Conformance (DMARC) protection that blocks suspicious emails.
In fact, nearly six in ten of the SGX top 200 companies have no DMARC protocol in place at all, with the majority of these being Real Estate Investment Trusts (REITs).
This lack of protection against email fraud exposes countless parties to imposter emails and business email compromise. Those attacks are designed to trick victims into thinking they received an email from an organisation leader like the CEO or CFO asking them to transfer funds, release sensitive or personally identifiable information, or hand over their credentials.
“Without a DMARC policy, companies are basically leaving the doors to their sensitive information wide open for hackers and cyber criminals to exploit and are also putting anyone they work with – from employees, to clients, and partners – at risk,” says Alex Lei, senior vice president for Asia Pacific and Japan at Proofpoint.
He continues: “Implementing DMARC email authentication protocols is akin to having your passport checked at an airport – ensuring your identity matches who you say you are and that you have the necessary travel visas required.”
“In a similar way, DMARC allows organisations to ensure that only legitimate senders are using their trusted domains to message employees, customers, and business partners to prevent email fraud and domain spoofing.”
DMARC is an open email authentication protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing the message to reach its intended recipient.
Organisations using a DMARC protocol can implement three levels of policy for unqualified emails attempting to spoof their domains:
- Monitor -- Allows unqualified emails to go to the recipient's inbox or other folders.
- Quarantine -- Directs unqualified emails to go to the junk or spam folder.
- Reject (the highest level of protection) -- Blocks unqualified emails from getting to the recipient.
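A domain owner can check which of these levels their own domain publishes by reading the TXT record at `_dmarc.<domain>`. The sketch below is an added example, not code from Proofpoint or the article: it classifies record strings using the RFC 7489 tags `v`, `p` and `pct` (where `p=none` is the "Monitor" level), and the sample records and `.example` domains are constructed.

```python
# Added example: map a domain's _dmarc TXT records to the three policy levels above.
# Tag names (v, p, pct) are from RFC 7489; all sample records are constructed.

LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return {tag: value} for a DMARC record, or None if txt is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # A DMARC record must start with the version tag v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Classify the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Zero records, or more than one, means receivers apply no DMARC policy.
    if len(records) != 1:
        return {"level": "no DMARC", "pct": None, "strictest": False}
    tags = records[0]
    level = LEVELS.get(tags.get("p", "").lower(), "invalid")
    # pct is the share of failing mail the policy applies to; default is 100.
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if not 0 <= pct <= 100:
        pct = 100
    strictest = level == "reject" and pct == 100
    return {"level": level, "pct": pct, "strictest": strictest}

# Constructed sample data standing in for DNS answers.
SAMPLES = {
    "bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "reit.example": [],
    "retail.example": ["v=DMARC1; p=none; rua=mailto:dmarc@retail.example"],
    "telco.example": ["v=DMARC1; p=reject; pct=50"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, classify(txt))
```

A record at `p=reject` with `pct` below 100 is reported separately because part of the failing mail is still not blocked, so it does not count as the strictest level.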