What do the Target breach, Heartbleed and Cryptolocker have in common? They all experienced fallout from the weakest link in the cybersecurity fence – email.
Today we released our 2014 Q2 edition of the Email TrustIndex, which identifies 147 companies across 11 industries to determine who has the highest and lowest risk for email brand attacks, and ranks the companies and industries to show who is taking action to stop cybercriminals from reaching consumers. Check out some of our key findings below. You can download the complete Q2 TrustIndex here to compare the the worst offenders with those who reach security rockstar status.
Q2 TrustIndex Findings – Why Brands Should Care
Industry Disparity in Email Security
Despite growing knowledge of email security weakness, some industries still haven’t fully confronted the challenge. Of the industries we surveyed for this report, three quarters have yet to completely implement DMARC security controls, which is the only email practice that prevents criminals from brand hijacking through email.
Travel Industry – Under Siege
One recent Cryptolocker attack involved mail that purported to be from a widely-used travel reservation site. The episode highlights an unfortunate fact of life about the travel business: It remains one of the most attacked in our survey. In the second quarter, in fact, its threat score shot up nearly 800 percent, far and away the biggest jump in the survey. Travel is a natural for the “social engineering” that occurs with all email attacks to motivate consumers to click based on their typical experience.
Banks Are a Criminal Target
You are 15 times more likely to receive a malicious email pretending to be from a major bank than you are from an airline or any other industry surveyed. So while Financial Services is average in adopting email security best practices, the TrustIndex reveals that only 43% have adopted DMARC and they remain a target until more of the industry gets on board.
Companies Taking Action
An 8% increase in the industry-wide TrustScore is good news – companies are taking action to protect their consumers from cyberattack and also are adding to the collective good. As specific industries strengthen their defenses, we see criminals move on to other industries that are easier targets.
Who Should Use DMARC to Prevent Email Cyberattacks?
Everyone. No matter how large or small your company is, no matter how much email your company sends, you could become the victim of domain spoofing and risk your business and others. The TrustIndex can help assess your risk and then leverage the work that Agari, Google, Yahoo!, Microsoft, AOL and others have done to provide you with the visibility that DMARC offers to protect your brand and make the internet a safer place for everyone.