New survey by cybersecurity expert Mimecast paints a picture of a serious misjudgment of the threat
Email is still one of the tools most abused by cybercriminals to attack companies. Nevertheless, many companies seem to underestimate the dangers of e-mail and domain spoofing. According to the new report “Spoofing – underestimating danger?” by the cybersecurity expert Mimecast, just 34% of the German companies surveyed rate e-mail spoofing as one of the biggest cyber threats of the moment. However, according to the 2022 E-Mail Security Management report, just under half of the respondents reported that the misuse of their brand by spoofing emails had increased in the past year. Spoofing attacks can have serious consequences for companies and their brands, as both sales and reputation are at stake. This makes it all the more important that companies protect themselves and, above all, their customers from spoofing.
Loss of trust, reputational damage and loss of sales due to spoofing
Spoofing attacks are not only directed against a company’s internal workforce, who can become a “door opener” for malware and the like with every unsuspecting click. Customers and partners of brands and companies are also targeted. For example, cybercriminals falsify email headers or company websites in order to deceive these stakeholders. The aim of the perpetrators is to obtain sensitive data from their victims. What follows can make a successful spoofing attack really painful, as a survey by Mimecast shows: according to the Brand Trust report, 50% of respondents would lose their trust in a brand if they had fallen for a fake website in its name, and 48% would no longer spend money on the brand after a successful phishing attack. Companies seem to be aware of these threat scenarios: the new survey on spoofing shows that almost half of the respondents fear that a successful e-mail domain spoofing attack could damage the trust of customers. Nevertheless, less than half of the organizations surveyed say that email spoofing is currently one of the biggest cybersecurity challenges. In order to protect their buyers and at the same time protect their reputation and their sales opportunities, companies must take the threat posed by such attacks seriously.
DMARC supports IT teams with detailed protocols to prevent spoofing
Integrating DMARC can help companies protect their customers and themselves from the consequences of spoofing. 93% of respondents feel well or very well protected against email spoofing; however, only 72% already use DMARC solutions. DMARC stands for ‘Domain-based Message Authentication, Reporting and Conformance’ and is an e-mail validation system that exposes cybercriminals who use the domain of a brand or a company without authorization. Thus, the use of DMARC prevents direct email spoofing. It builds on the existing DKIM and SPF authentication techniques and adds another important component: reporting.
The DMARC reports provide security officers with detailed information about who is sending emails through the company’s own domain. This tells the security experts whether their domain is being misused, and lets them take steps when e-mails fail DMARC authentication. Companies see the biggest advantages of using DMARC as protection against e-mail spoofing (55%), secure e-mail communication with partners and customers (50%) and improved protection of their own brand (39%). However, only a quarter of respondents say that the improved reputation of their domain is the most important advantage of the solution. One of the main reasons for implementing DMARC, however, should be the trust of customers in the brand; after all, which company wants to put the safety of its customers at risk?
Reasons for the lack of DMARC adoption
84% of companies without DMARC solutions seem to be aware of their effectiveness and are already planning to purchase appropriate security measures. The most cited reason why many companies have not yet rolled out a professional DMARC solution, with 61% agreement, is that other IT security solutions have priority. In addition, about a quarter say that the known DMARC solutions are too expensive. 20% of the respondents consider the dangers of e-mail spoofing to be simply too low; in the worst case, this misjudgment can cost companies and their customers dearly.
“For many companies, the brand is their most important possession. It provides orientation and conveys trust to customers – this must be protected under all circumstances,” says Bernd Hohlweg, Director Marketing DACH at Mimecast. “Many people are not aware that by opening a fake email and clicking on it incorrectly, they could become an involuntary helper or a victim of a cyber attack. Accordingly, the responsibility is in the hands of companies and their brands. DMARC can relieve IT security teams extremely by providing detailed information that serves as a basis for decision-making.”
The Germany-wide survey was conducted by the market research institute Statista on behalf of Mimecast in February 2022. 201 IT decision-makers from companies with 250 or more employees from 13 industries were surveyed.