Security Roundup: Funding Frenzy, Barracuda, Fake Email Barrage
… implementing industry-standard authentication protocols.
That’s according to Valimail’s Spring 2019 Email Fraud Landscape. The report also found that the vast majority of suspicious emails emanate from U.S.-based sources.
“It remains clear that fake emails from hackers, phishers and other cybercriminals constitute the major source of cyberattacks,” said Alexander García-Tobar, Valimail’s CEO and co-founder. “As more companies recognize and respond to email vulnerabilities, we expect to see organizations continue to deploy authentication technologies to protect against untrusted and fraudulent senders. The fact is that too many attackers are using impersonation to get through existing email defenses. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all.”
It’s not all bad news, however. Ongoing research by Valimail also shows many industries are making progress in the fight against impersonation, some more quickly than others.
To compile this data, Valimail used proprietary data from an internal analysis of billions of email authentication requests and nearly 20 million publicly accessible records. The report confirms that email impersonation – accounting for 1.2% of all email sent in the first quarter of 2019 – is a phisher’s primary weapon for gaining access to an organization’s network, systems, intellectual property and other sensitive assets.
Valimail notes that the fake email problem – which is not easily blocked by traditional cybersecurity defenses – can be better addressed by implementing widely accepted email authentication standards. These include Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), as well as newer standards such as Authenticated Received Chain (ARC) and Brand Indicators for Message Identification (BIMI).
DMARC in particular has proven to be especially effective in preventing fake emails from reaching inboxes. The study shows that nearly four in five inboxes (80%) – that’s 5.34 billion globally – perform DMARC checks on inbound email, and nearly 740,000 domains now use DMARC.
However, enforcement rates with DMARC continue to hover around 20% in most industries, mostly because the solution is difficult to configure and maintain for large enterprises. For that reason, many domain owners have turned to third-party DMARC vendors to implement the solution for them, according to Valimail.