I recently read Symantec’s “Internet Security Threat Report 2014 :: Volume 19“. Many of the report’s findings are not in the least bit surprising, for example, the continued use of social engineering as a means to gain access. In one section Symantec compares company size against the likelihood of a spear-phishing campaign; as it turns out, larger companies are more likely to have their employees targeted. I wonder if there might be a bit of sample bias here; after all, a larger company is more likley to have the resources to implement solutions to detect such attacks.
Overall I found the report to be quite thorough; however, I do have one complaint. The report mentions email 117 times, yet does not once mention the DMARC standard. I find this disappointing, especially in light of Symantec’s recent implementation of DMARC policy enforcement for Message Labs. Many of the email-borne threats discussed in the report can be prevented by DMARC. Surely “Implement DMARC policy enforcement on inbound email” should have made it into the “Best Practices” section.
I hope that Symantec’s next Internet Security Threat Report will leverage data from Message Labs to provide insight into the number and types of threats prevented by the DMARC standard.