Infosecurity Europe 2019: A-listers still failing to protect their domains

The elaborate stands have been dismantled, the armies of exhibitors have headed back to their respective offices and homes, and we can all breathe a sigh of ‘thank-goodness-it’s-over-for-another-year’ relief. But we’re left dumbfounded, yet again, that so many shining stars of the cybersec industry are stumped by DMARC implementation.

Let’s cut to the chase – last year, we decided to analyse the primary domains of the organisations exhibiting at 2018 Infosecurity Europe. This show hosts the crème de la crème of the cybersecurity industry, beacons of hope against the onslaught of data-thieving cyber attacks (bear with the hyperbole, I’m trying to make a point..) so we weren’t expecting the inadequate results that we uncovered.

In 2018, only 9% of those vendors claiming to solve your cybersecurity woes and offering the best of class protection on the market, had protected their own domains with DMARC at a level sufficient to stop phishing attacks at the gateway or sweep to the spam folder. And just to remind you, DMARC is the only surefire way to stamp out email impersonation – email impersonation which enables scammers to send you phishing emails – phishing emails that can dupe you into handing over data, money, confidential details about your SoC… just saying.

But wait, there is good news! We ran the research again this year, and can reveal an improvement – disappointingly, it was a very small increase, just 13% of 2019’s exhibitors had DMARC set at the p=quarantine or p=reject levels.

So, what does this research tell us, apart from the industry is painfully slow at responding to ratified global protocols?

  • DMARC is available to anyone – so if the industry pioneers aren’t implementing it, either hubris is setting in, or it’s proving more complicated than expected to configure it correctly
  • We shouldn’t trust security vendors because they say they’re cybersec geniuses – if they can’t protect their own, known domains, how can they protect your unknown digital infrastructure?
  • DMARC alone can’t protect your networks from intrusion or scammers exploiting vulnerabilities, but it is one of the layers of protection required to prevent phishing attacks – one of the biggest threats to any organisation in today’s age of digital comms.

If you are looking for support with DMARC deployment or simply want to find out more information about how to stop email spoofing, make sure you sign up to our OnDMARC trial for free!

PUBLISHED BY

Red Sift

12 Jun. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more
Certificates

Never miss an expiring certificate again with Red Sift Certificates Lite

Francesca Rünger-Field

SSL/TLS certificates are the backbone of secure, uninterrupted digital experiences—but managing them effectively to prevent downtime remains a persistent challenge. With browser and certificate authorities looking to reduce certificate durations to as little as 90 or even 47 days, keeping track of renewals has never been more critical. That’s why we’re excited to introduce…

Read more
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more