90% of large tech companies vulnerable to email spoofing

Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail.

What attackers want when they hack email accounts Mark Risher, Google's director of product management for identity and account security, explains what hackers are looking for and how Google is ramping up account security.

Businesses and consumers see more than 1.2 million phishing attacks each year, as hackers use the effective social engineering attacks to con employees into clicking a malicious link or attachment. Despite how widely known and damaging these attacks can be, companies still fail to adequately prevent them from happening, according to a Friday report from Valimail.

Widely-accepted open standards exist for authenticating email and preventing phishers from spoofing domains with fake emails, but a majority of companies across industries have not made full use of them. The vast majority—90%—of large tech companies remain unprotected from impersonation attacks, the report found.

SEE: Security awareness and training policy (Tech Pro Research)

The report examined the primary domains for 525 global tech companies with revenues of more than $500 million annually, querying them for the presence of Domain-based Message Reporting, Authentication & Conformance (DMARC) records and Sender Policy Framework (SPF) records.

Nearly half (49%) of companies had DMARC records of some kind, indicating that they have begun to deploy this anti-phishing tool. But only about half (55%) of those companies have DMARC records that were correctly configured and set to a policy that will actually stop phishing and spoofing, the report found.

Companies are more advanced when it comes to SPF, the report noted, likely because it is older and better understood. Some 78% of tech companies analyzed are using SPF correctly, it added.

The presence of DMARC is positively correlated with a company's revenue, according to the report: Companies with DMARC enforcement had an average revenue of more than twice that of companies with no DMARC records at all, at $10.2 billion versus $5 billion.

For tips on how to prevent phishing attacks in your business, check out this TechRepublic article.

Also see

istock-847207382.jpg
Image: iStockphoto/C.Y.Ronnie.W

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.