Forbes Top 100 Middle East companies vulnerable to email fraud, reports Proofpoint research
Proofpoint, in collaboration with its strategic partner Help AG, has identified vulnerabilities among the Forbes Top 100 Middle East companies in recent joint research focusing on Domain-based Message Authentication, Reporting & Conformance (DMARC). According to the analysis, almost a third (31 percent) of these companies do not have a DMARC record in place, leaving their customers at risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increases the risk of email fraud targeting their customers.
Email is, and will continue to be, the initial attack vector of choice for cybercriminals. In fact, recent Proofpoint research on CISOs and CSOs in the UAE illustrated that 15 percent of organizations suffered a phishing attack in 2019, with an additional 15 percent suffering a Business Email Compromise attack.
The research found that only 24 percent of the Top 100 Middle East organisations have implemented ‘reject’, the strictest and recommended level of DMARC protection, leaving 76 percent at risk of subjecting customers to email fraud. In total, 69 percent of the Top 100 Middle East companies have published DMARC records to begin protecting their employees, customers and partners from some forms of email fraud. This means 31 percent have no policy in place to protect them from domain spoofing.
Some industries lead the charge for the rate of DMARC adoption - 100 percent of logistics companies and 80 percent of banking and financial services providers have published a DMARC record. However, some other industries clearly lag behind - only 50 percent of real estate and construction firms and only 20 percent of companies from the retail sector have started their DMARC journey.
For many organisations, the road to easing email fraud risk is paved with DMARC, an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated and is designed to protect employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.
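The categories used in the figures above (no record, a published record, and the 'reject' policy) can be checked for any domain from its DMARC TXT record. The following is an added example, not part of the Proofpoint and Help AG research or its methodology; the domains and records are constructed, and the function names and posture labels are hypothetical.

```python
from collections import Counter

# Constructed sample data: TXT answers for _dmarc.<domain> as a resolver would
# return them. All domains and records are invented for illustration.
SAMPLE_TXT = {
    "bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "logistics.example": ["v=DMARC1; p=quarantine; pct=50"],
    "retail.example": ["v=DMARC1; p=none; rua=mailto:agg@retail.example"],
    "realty.example": [],                        # nothing published
    "telco.example": ["v=spf1 -all"],            # SPF record, not DMARC
    "energy.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "media.example": ["v=DMARC1; p=rejct"],      # typo in the policy value
}
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    tags = []
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.append((name.strip().lower(), value.strip()))
    return tags

def dmarc_posture(txt_records):
    """Classify one domain from the TXT strings found at _dmarc.<domain>."""
    records = []
    for txt in txt_records:
        tags = parse_tags(txt)
        # A DMARC record must start with the version tag v=DMARC1.
        if tags and tags[0] == ("v", "DMARC1"):
            records.append(dict(tags))
    if not records:
        return "no-record"
    if len(records) > 1:
        # RFC 7489 section 6.6.3: with multiple records, receivers apply no DMARC.
        return "multiple"
    policy = records[0].get("p", "").lower()
    return policy if policy in VALID_POLICIES else "invalid"

def summarize(txt_by_domain):
    """Tally postures across a set of domains."""
    return Counter(dmarc_posture(txts) for txts in txt_by_domain.values())

if __name__ == "__main__":
    for domain, txts in SAMPLE_TXT.items():
        print(f"{domain:20} {dmarc_posture(txts)}")
    print(dict(summarize(SAMPLE_TXT)))
```

A policy of `none` only requests reports; `quarantine` and `reject` are the values that ask receiving servers to act on mail that fails the check. The `invalid` label is a simplification of how receivers handle a malformed policy tag.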
“Email fraud continues to provide great returns for cybercriminals and our latest research confirms that it’s not going away,” said Emile Abou Saleh, regional director of Middle East and Africa for Proofpoint. “As these threats grow in scope and sophistication, it is critical that organisations shore up their defences against email fraud by adopting technology like DMARC to protect their brand against impersonation. Additionally, companies need to ensure they deploy effective security awareness training to educate employees about best practices as well as establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”