Cybersecurity and compliance company, Proofpoint Inc, in collaboration with Help AG, have recently released research identifying that almost a third (31%) of the Forbes Top 100 Middle East Companies do not have a Domain-based Message Authentication Reporting & Conformance (DMARC) record in place. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increases the risk of email fraud targeting their customers.
Only 24% of the Top 100 Middle East Companies have ‘reject’ in place, which means a large majority (76%) are not proactively blocking fraudulent emails from reaching their customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that actively blocks fraudulent emails from reaching their intended target.
Email is and will continue to be the initial attack vector of choice for cybercriminals. Recent Proofpoint research on CISOs and CSOs in the UAE illustrated that 15% of organisations suffered a phishing attack in 2019, with an additional 15% suffering a Business Email Compromise (BEC) attack. For many organisations, the road to easing email fraud risk is paved with DMARC , an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated. DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. DMARC is designed to protect employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.
DMARC Adoption Across Top 100 Middle East Companies
To gauge how quickly the DMARC standard is being adopted across the Middle East, Proofpoint, in collaboration with Help AG, conducted an analysis of the primary corporate domains of all of the Forbes Top 100 Middle East Companies. Amongst their thorough findings, the research highlighted that in total, 69% of the Top 100 Middle East companies have published DMARC records to begin protecting their employees, customers and partners from some forms of email fraud. This means, however, that the remaining 31% have no policy in place to protect them from domain spoofing. on top of this alarming figure, Proofpoint’s findings also delved into the sectorial demographics of the issue, and exactly which industries are leading the charge for the rate of DMARC adoption. 100% of logistics companies and 80% of banking and financial services providers have published a DMARC record. However, some other industries are clearly lagging behind, with only 50% of real estate and construction firms, and only 20% of companies from the retail sector have started their DMARC journey.
“Email fraud continues to provide great returns for cybercriminals and our latest research confirms that it‘s not going away,” comments Emile Abou Saleh, Regional Director of Middle East and Africa for Proofpoint. “As these threats grow in scope and sophistication, it is critical that organisations shore up their defences against email fraud by adopting technology like DMARC to protect their brand against impersonation. Additionally, as cybercriminals take advantage of the human factor to execute their campaigns, companies need to ensure they deploy effective security awareness training to educate employees about best practices as well as establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”
“As a leading cybersecurity services provider in the Middle East, it’s vital that we raise awareness of the dangerous risk of email threats that the top businesses in the region face. Email-borne cyberattacks are undoubtedly on the rise and organisations can take simple, recommended steps to protect their customers from the risk of email fraud by implementing a DMARC policy,” said Stephan Berner, CEO at Help AG. “At Help AG, we have started our DMARC journey and strive to enable more and more businesses in the region to do so too – and fast.”