Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection
A majority of global manufacturers are inviting unnecessary extra cyber risk by failing to properly implement the DMARC email security protocol, according to new research from EasyDMARC.
The security vendor analyzed over 4700 domains belonging to some of the world’s biggest manufacturers.
The good news is that three-fifths (61%) had implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. It’s designed to prevent phishing by automatically flagging and blocking any incoming emails thought to be spoofed.
However, for DMARC to do its job properly, it must be configured correctly. A “p=quarantine” policy will still allow suspect messages through but direct them to the recipient’s spam folder, while “p=none” will let suspect emails straight through and into the inbox.
The best option is a “p=reject” policy, which means suspicious emails are automatically blocked before they hit the recipient’s inbox.
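The three policy values described above can be checked mechanically. The following Python code is an added example, not code from EasyDMARC or its research: it classifies DMARC TXT record strings by policy and tallies the results. The domains and records are constructed samples and the function names are hypothetical; a real audit would first fetch the TXT record published at `_dmarc.<domain>`.

```python
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return None
        tags.setdefault(key.strip().lower(), value.strip())
    # The version tag must come first and must be exactly DMARC1.
    return tags if next(iter(tags.items()), None) == ("v", "DMARC1") else None

def classify(txt):
    """Return 'no-dmarc', 'none', 'quarantine' or 'reject' for one record."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 section 6.6.3: with no valid p tag, receivers act as if
        # p=none when rua is present (presence-only check here), else ignore.
        return "none" if "rua" in tags else "no-dmarc"
    return policy

def fully_enforced(txt):
    """True only for p=reject applied to all mail (pct defaults to 100)."""
    return classify(txt) == "reject" and parse_dmarc(txt).get("pct", "100") == "100"

def summarize(records):
    """Tally classifications for a {domain: TXT string or None} mapping."""
    return Counter(classify(txt) for txt in records.values())

# Constructed sample records, not data from the research.
SAMPLE = {
    "a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@a.example",
    "b.example": "v=DMARC1; p=quarantine; pct=50",
    "c.example": "v=DMARC1; p=none; rua=mailto:dmarc@c.example",
    "d.example": "v=DMARC1; rua=mailto:dmarc@d.example",  # p missing
    "e.example": "v=spf1 -all",  # an SPF record, not DMARC
    "f.example": None,  # no TXT record published at _dmarc
}

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{label:10} {count}")
```

A record with `p=reject` but `pct` below 100 is counted as `reject` by `classify` yet fails `fully_enforced`, since only a share of failing mail is then rejected.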
Unfortunately, only 31% of organizations that had DMARC in place set it to p=reject. A similar number went with p=quarantine, while a plurality (44%) had the least secure configuration: p=none.
That means only a fifth (19%) of overall manufacturers have DMARC p=reject in place, exposing them to a greater risk of spoofing and impersonation attacks.
EasyDMARC warned that failure to put DMARC in place at all could put email deliverability and marketing efforts at risk, as Google, Apple and Yahoo all require the protocol for bulk email senders.
Gerasim Hovhannisyan, CEO of EasyDMARC, said the need for more email security was even more pressing given the growing use of AI tools by threat actors to enhance their offensive capabilities.
“It is deeply concerning that despite the rise in cyber-attacks within the manufacturing sector, the majority of top manufacturing companies remain unprotected against the growing threat of phishing and spoofing,” he added. “This negligence ultimately places the global manufacturing industry at grave risk, as we have seen with the increasing frequency of cyber-incidents.”
The manufacturing sector has been a popular target for data thieves and extortionists aware that companies store potentially lucrative trade secrets and have a low tolerance for outages.
It was the most targeted sector for such attacks last year, comprising 20% of the total – up 42% on the previous year, according to Orange Cyberdefense.
However, it’s not just manufacturers that have been slow to appreciate the importance of correctly implementing DMARC. A study from EasyDMARC last year revealed that only 1.2% of nearly 10 million .org domains in circulation had fully implemented DMARC p=reject.