Infosecurity Europe 2019: A-listers still failing to protect their domains

The elaborate stands have been dismantled, the armies of exhibitors have headed back to their respective offices and homes, and we can all breathe a sigh of ‘thank-goodness-it’s-over-for-another-year’ relief. But we’re left dumbfounded, yet again, that so many shining stars of the cybersec industry are stumped by DMARC implementation.

Let’s cut to the chase – last year, we decided to analyse the primary domains of the organisations exhibiting at 2018 Infosecurity Europe. This show hosts the crème de la crème of the cybersecurity industry, beacons of hope against the onslaught of data-thieving cyber attacks (bear with the hyperbole, I’m trying to make a point..) so we weren’t expecting the inadequate results that we uncovered.

In 2018, only 9% of those vendors claiming to solve your cybersecurity woes and offering the best of class protection on the market, had protected their own domains with DMARC at a level sufficient to stop phishing attacks at the gateway or sweep to the spam folder. And just to remind you, DMARC is the only surefire way to stamp out email impersonation – email impersonation which enables scammers to send you phishing emails – phishing emails that can dupe you into handing over data, money, confidential details about your SoC… just saying.

But wait, there is good news! We ran the research again this year, and can reveal an improvement – disappointingly, it was a very small increase, just 13% of 2019’s exhibitors had DMARC set at the p=quarantine or p=reject levels.

So, what does this research tell us, apart from the industry is painfully slow at responding to ratified global protocols?

  • DMARC is available to anyone – so if the industry pioneers aren’t implementing it, either hubris is setting in, or it’s proving more complicated than expected to configure it correctly
  • We shouldn’t trust security vendors because they say they’re cybersec geniuses – if they can’t protect their own, known domains, how can they protect your unknown digital infrastructure?
  • DMARC alone can’t protect your networks from intrusion or scammers exploiting vulnerabilities, but it is one of the layers of protection required to prevent phishing attacks – one of the biggest threats to any organisation in today’s age of digital comms.

If you are looking for support with DMARC deployment or simply want to find out more information about how to stop email spoofing, make sure you sign up to our OnDMARC trial for free!

PUBLISHED BY

Red Sift

12 Jun. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more
Email

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more
Email

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more