The elaborate stands have been dismantled, the armies of exhibitors have headed back to their respective offices and homes, and we can all breathe a sigh of ‘thank-goodness-it’s-over-for-another-year’ relief. But we’re left dumbfounded, yet again, that so many shining stars of the cybersec industry are stumped by DMARC implementation.
Let’s cut to the chase – last year, we decided to analyse the primary domains of the organisations exhibiting at 2018 Infosecurity Europe. This show hosts the crème de la crème of the cybersecurity industry, beacons of hope against the onslaught of data-thieving cyber attacks (bear with the hyperbole, I’m trying to make a point..) so we weren’t expecting the inadequate results that we uncovered.
In 2018, only 9% of those vendors claiming to solve your cybersecurity woes and offering the best of class protection on the market, had protected their own domains with DMARC at a level sufficient to stop phishing attacks at the gateway or sweep to the spam folder. And just to remind you, DMARC is the only surefire way to stamp out email impersonation – email impersonation which enables scammers to send you phishing emails – phishing emails that can dupe you into handing over data, money, confidential details about your SoC… just saying.
But wait, there is good news! We ran the research again this year, and can reveal an improvement – disappointingly, it was a very small increase, just 13% of 2019’s exhibitors had DMARC set at the p=quarantine or p=reject levels.
So, what does this research tell us, apart from the industry is painfully slow at responding to ratified global protocols?
- DMARC is available to anyone – so if the industry pioneers aren’t implementing it, either hubris is setting in, or it’s proving more complicated than expected to configure it correctly
- We shouldn’t trust security vendors because they say they’re cybersec geniuses – if they can’t protect their own, known domains, how can they protect your unknown digital infrastructure?
- DMARC alone can’t protect your networks from intrusion or scammers exploiting vulnerabilities, but it is one of the layers of protection required to prevent phishing attacks – one of the biggest threats to any organisation in today’s age of digital comms.