FOSTER CITY, Calif. (June 19, 2019) — A new assessment of security and risk vendors shows that most of these companies have an opportunity to adopt basic email security controls, in an effort to better protect their customers from third-party risks. The assessment, released today, was conducted by cybersecurity company, Agari, the next-generation Secure Email Cloud that restores trust to the inbox.
In response to these findings, Agari is now offering a customized email authentication assessment and complimentary guide to DMARC set up for security vendors so that the ecosystem can be better together.
Agari studied 205 security vendors attending this week’s Gartner Security & Risk Management Summit to understand adoption of basic controls that prevent abuse of vendor domains to spoof innocent end users and business partners.
The gold standard policy is for companies to have their DMARC policy set at “reject.” This policy ensures that unauthenticated emails will not be delivered to the inbox. Of the 205 vendors attending the event only 10 percent are at reject, which indicates the remaining companies are at great risk of brand impersonation attacks.
Analysis also shows that 11 percent are at quarantine. A quarantine policy allows unauthenticated or potentially “bad” emails from fraudsters to penetrate an individual or company email, landing in the spam folder. In 2016, a spear-phishing email landed in John Podesta’s spam folder, which he then clicked on, ultimately giving Russian nation-state attackers access to emails confidential to the Clinton bid for the U.S. Presidency.
Equally worrying is that the majority of vendors (n=160; 78 percent) have a “none” policy or no DMARC record at all, which means their companies are highly vulnerable to brand domain abuse, putting their customers, employees and executives at risk, unnecessarily.
“This is very much a case of the ‘cobbler’s children have no shoes’, where security vendors aren’t fortifying their own domains. We have an obligation to help raise the bar for the industry, and today are announcing a better together offer for our industry peers,” said Armen Najarian, CMO at Agari. “The assessment is designed to help our industry partners prepare for email authentication to protect their own domains from spoofing innocent end users.”
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud™ powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses and consumers worldwide. Learn more at www.agari.com.
Jean Creech Avent
Senior Director, Global Corporate Communications