90 percent of tech companies are vulnerable to email spoofing
Phishing is a major problem for large organizations, but while there are standards to authenticate email and prevent phishers from spoofing domains with fake emails, a majority of companies have not made full use of them.
The tech sector has moved faster than some but while they are beginning to implement protection many companies in this sector are still at an early stage with the result that 90 percent are still vulnerable to impersonation.
A new report from Valimail shows that 49 percent of large global technology companies have DMARC records of some kind, indicating that they have, at minimum, begun to deploy this anti-phishing technology.
The study examined the primary domains for 525 global technology companies with revenues over $500 million annually. And it shows that doption of DMARC is correlated with revenue. The companies with DMARC enforcement (meaning they are able to prevent spoofing) have an average revenue more than twice that of the companies with no DMARC records at all ($10.2 billion vs. $5 billion). Tech companies that have no DMARC records at all have an average revenue of $4.97 billion.
Of those examined, 183 domains (35 percent of the total) have DMARC records that are correctly configured, but have not been set to a policy that will actually stop phishing via spoofed 'From' addresses. Also 19 domains (3.6 percent of the total) have DMARC records that are incorrectly configured.
Author of the report Dylan Tweney, vice president of communications at Valimail concludes:
Higher rates of using DMARC and of DMARC enforcement are correlated with higher revenues, indicating that DMARC may be (or may be perceived as) a resource problem that smaller companies are unable or unwilling to tackle.
This study shows that, even among the most tech-savvy companies, there is still a need to simplify email authentication and make the process more effective and painless.
This is especially urgent given that tech companies are often the subjects impersonated by phishing campaigns.
The full report is available from the Valimail website.