Agari, the leading provider of real-time, data-driven security solutions that detect and prevent advanced email cyber-attacks, has announced the results of its Q3 UK Email TrustIndex. Covering the period from July to September 2014, the report applies big data insights to identify sectors and a selection of companies in Europe that are vulnerable to email-borne cyber-attacks. With 11 vertical industries and 16 UK companies examined, the report revealed that only four are currently taking action to stop cybercriminals targeting their customers by exploiting their brand name via email.
The findings of the Q3 UK TrustIndex can be found here: http://info.agari.com/rs/agari/images/TrustIndex_UK_2014.pdf
To derive the TrustScore, Agari looked at the highest volume email sending domains for all 16 companies and analysed their implementation of email authentication standards, including SPF, DKIM, and DMARC. SPF allows email senders to specify which IP addresses are allowed to send email from a given domain. DKIM complements SPF by giving email senders a way to digitally sign all the outgoing email, letting email receivers confirm that no changes have been made to the email since it was sent. Finally, DMARC allows email senders to tell receivers when they should rely on DKIM and SPF for a given domain, and what to do when messages fail those tests. Only companies who implement all three standards with some level of success can achieve scores in the highest tier.
Patrick Peterson, CEO and founder of Agari, makes the following comments on the report:
“The findings of this Email TrustIndex indicate that many UK businesses are still not taking the necessary steps to protect their customers from email-borne phishing attacks. Indeed, it’s concerning to see that so many well-established organisations, including leading banks and retailers, are easy targets. Email was designed with a fundamental flaw – it does not support authentication. This means that any criminal can send an email purporting to be from a company.
“Email is the most simple and immediate way of reaching and staying in touch with customers, and ownership for defending customers from cyber-attacks in this critical channel lies with the enterprise. As this report highlights, the time has come to fully confront the challenge of email security. Implementing email authentication standards that detect and prevent email cyber threats ensures email can remain a trusted communication channel. While there are a select few organisations that are starting to adopt all three standards, a number of them are only implementing one or two, with SKY, Ladbrokes and Deutsche Bank not progressing with any of the three. This isn’t good enough. Only by providing comprehensive email authentication that includes SPF, DKIM and DMARC, will organisations be defending their reputation and fulfilling their responsibility to their customers.”