Get DMARC'ed... Doing so lowers companies' risk of having their emails spoofed by cyber criminals who then target clients. Image Credit: Shutterstock

Dubai: Some of the Middle East’s largest companies may be exposing their customers to the risk of being compromised by cyber criminals, according to a survey by Proofpoint and Etisalat’s Help AG.

Around 69 per cent of the Forbes ‘Top 100 Middle East Companies’ have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place. In other words, 31 per cent of them are leaving customers at risk of email fraud.

“The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting their customers,” the survey said. Adding to the concerns is the fact that only 24 per cent of the Top 100 Middle East Companies have a ‘reject’ policy in place, which means a large majority (76 per cent) are not proactively blocking fraudulent emails from reaching customers. (Reject is a setting and policy that actively blocks fraudulent emails from reaching their intended target.)

Weak link

Email will continue to be a central point of attack for cybercriminals. Recent Proofpoint research showed that 15 per cent of organizations in the UAE suffered a phishing attack in 2019, with an additional 15 per cent suffering a business email compromise attack.

“Email fraud continues to provide great returns for cybercriminals and our latest research confirms that it’s not going away,” said Emile Abou Saleh, regional director of Middle East and Africa for Proofpoint. “As these threats grow in scope and sophistication, it is critical that organisations shore up their defences against email fraud by adopting technology like DMARC to protect their brand against impersonation.”

What's DMARC?

DMARC, an email protocol, is being adopted globally as the 'passport control' of the email security world. It verifies that the purported domain of the sender has not been impersonated. DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain.

The system is designed to protect employees, customers, and partners from cybercriminals looking to impersonate a trusted domain. Some industries in the region have led the charge in terms of DMARC adoption, according to the report.

Almost all logistics firms and 80 per cent of banking and financial services providers have published a DMARC record. However, some other industries are clearly lagging behind - only 50 per cent of real estate and construction firms and only 20 per cent of companies from the retail sector have started their DMARC records.

“Email-borne cyberattacks are undoubtedly on the rise and organizations can take simple, recommended steps to protect their customers from the risk of email fraud by implementing a DMARC policy,” said Nicolai Solling, CTO at Help AG.
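
The survey's two measures, whether a domain publishes a DMARC record and whether that record's policy is 'reject', can both be read from the TXT records at `_dmarc.<domain>`. The Python below is an added example, not part of the article or the survey's methodology: it follows the record syntax of RFC 7489, and the `.example` domains, the sample records and the `mailto:` prefix test for a usable `rua` are constructed assumptions.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return (status, detail) for the TXT strings published at _dmarc.<domain>."""
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    dmarc = [r for r in txt_records
             if r.replace(" ", "").split(";")[0] == "v=DMARC1"]
    if len(dmarc) != 1:
        # Zero records, or several: receivers apply no DMARC policy.
        return ("no-record", f"{len(dmarc)} DMARC records found")
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: an invalid p falls back to p=none only if rua is usable.
        if tags.get("rua", "").lower().startswith("mailto:"):
            return ("monitor-only", "invalid p tag, treated as p=none")
        return ("no-record", "invalid p tag and no rua")
    if policy == "none":
        return ("monitor-only", "p=none: no action requested on failing mail")
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    if pct < 100:
        return (f"partial-{policy}", f"policy requested for {pct}% of failing mail")
    return (policy, f"p={policy} requested for all failing mail")

# Constructed sample data: placeholder domains and records, not survey results.
SAMPLES = {
    "corp.example": ["v=spf1 -all"],
    "shop.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop.example"],
    "bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "news.example": ["v=DMARC1; p=quarantine; pct=25"],
    "typo.example": ["v=DMARC1; p=rejekt; rua=mailto:dmarc@typo.example"],
}

def audit(samples):
    return {domain: classify(records)[0] for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, status in audit(SAMPLES).items():
        print(f"{domain:14} {status}")
```

Only a status of `reject` corresponds to the 24 per cent the survey counts as blocking fraudulent email; `monitor-only` and `partial-*` domains have a record but are not fully enforcing it.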