72% of global 2000 companies in ME exposed to email fraud risk: Proofpoint

Proofpoint (NASDAQ: PFPT), a leading next-generation cyber security and compliance company, has announced its analysis of the 57 Global 2000 companies located in the Middle East and their exposure to email fraud.

Email continues to be the vector of choice for cyber criminals. Recent Proofpoint research shows that infosecurity professionals reported a higher frequency of all types of social engineering attacks year over year – with 83 percent of global respondents experiencing phishing attacks in 2018, demonstrating a 9 percent year-over-year increase and 64 percent experiencing spear phishing attacks.

For many organisations, the road to easing email fraud risk is paved with DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated.  DMARC verificaiton relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. This authentication protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.

DMARC Adoption Across Largest Middle East Companies

To gauge how quickly the DMARC standard is being adopted across the Middle East, Proofpoint conducted an analysis of the primary corporate domains of all 57 Global 2000 organisations located in the region in March 2019.

Key findings include:

  • 72 percent of the Middle East largest organisations are exposed to email fraud via domain spoofing.
  • In total, only 28 percent of the 57 Global 2000 companies located within the Middle East have published DMARC records to begin protecting their employees, customers and partners from some forms of email fraud.However, only 20 percent of those have published a strict “reject” policy (the most effective policy for defending against domain-spoofing). In the United Arab Emirates, 27% of the Global 2000 companies surveyed had a DMARC record in place.
  • Globally, the adoption level is the highest in the United States with 54%, followed by the Nordic region (Denmark, Sweden, Finland and Norway), the Benelux (Belgium, Netherlands, Luxembourg) and Australia, all at 49% and the UK at 47%.

Source: Proofpoint analysis, March 2019

“Email fraud continues to provide great returns for cybercriminals and our latest research confirm that it is not going away,” said Emile Abou Saleh, regional director of Middle East and Africa for Proofpoint. “As these threats grow in scope and sophistication, it is critical that organisations shore up their defences against email fraud by adopting technology like DMARC to protect their brand against impersonation. Additionally, as cybercriminals take advantage of the human factor to execute their campaigns, companies need to ensure they deploy effective security awareness training to educate employees about best practices as well as establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”