Home Systems 95% of SGX 200 Companies Are Failing to Actively Block Fraudulent Emails

95% of SGX 200 Companies Are Failing to Actively Block Fraudulent Emails

by Shah Farouq

Proofpoint, Inc, a leading cyber security and compliance company, revealed that more than half (59%) of SGX 200 companies do not have the necessary email authentication protocols in place, leaving their customers, partners, and employees open to higher risks of email fraud.

In a recent analysis of SGX top 200 companies, Proofpoint research found that while 41% have implemented some form of email authentication protocol, only 5% of those companies have adopted the recommended strictest level of Domain-based Message Authentication, Reporting and Conformance (DMARC) protection that blocks suspicious emails.

The Senior Vice President, Asia Pacific and Japan at Proofpoint, Alex Lei said that implementing DMARC email authentication protocols is akin to having your passport checked at an airport – ensuring your identity matches who you say you are and that you have the necessary travel visas required.

“In a similar way, DMARC allows organisations to ensure that only legitimate senders are using their trusted domains to message employees, customers, and business partners to prevent email fraud and domain spoofing,” he mentioned.

Proofpoint’s research also shows Singapore is lagging its global counterparts in DMARC adoption. The United States’ Fortune 1,000 index shows an 82% DMARC adoption rate, the United Kingdom’s FTSE 100, and FTSE 250 sit at 72% adoption. Closer to home, Australia’s ASX 200 shows 69% DMARC adoption.

Lei added that the importance of putting in place strict email authentication policies cannot be understated, especially since our hybrid way of working in Singapore has placed a huge emphasis on communication via email.

“Without a DMARC policy, companies are basically leaving the doors to their sensitive information wide open for hackers and cyber criminals to exploit and are also putting anyone they work with – from employees, to clients, and partners – at risk,” he commented.

In fact, nearly six in ten of the SGX top 200 companies have no DMARC protocol in place at all, with the majority of these being Real Estate Investment Trusts (REITs).

This lack of protection against email fraud means exposing countless parties to imposter emails and business email compromise (BEC), since these attacks are designed to trick victims into thinking they received an email from an organisation leader like the CEO or CFO asking them to transfer funds (known as wire fraud), release sensitive or personally identifiable information, or hand over their credentials.

According to the 2021 Annual Crime Brief released from the Singapore Police Force, there has been an increase in the number of scams and cybercrimes reported in 2021 compared to 2020, accounting for 58.2% of the total cases reported.

“Trust is notoriously hard to earn but incredibly easy to lose. Therefore, we believe in helping organisations build trust with the companies and people they work with, by ensuring only authorised information gets sent through. After all, why would any organisation want to work with a company that doesn’t take cyber security seriously?” Lei concluded.

Related Articles

1 comment

DPaaS Monday, April 11, 2022 - 9:50:46 am

This comment is intended to help you secure your organisation’s email systems, in two distinct ways:

1. By making it difficult for fake emails to be sent from your organisation’s domains.
This will be achieved by configuring effective anti-spoofing controls on your domains. In summary:

• Sender Policy Framework (SPF) allows you to publish IP addresses which should be trusted for your domain.

• Domain Keys Identified Mail (DKIM) allows you to cryptographically sign email you send to show it’s from your domain. Although DKIM is not as widely supported as SPF, it has the advantage of being able to support forwarded email.

• Domain-based Message Authentication, Reporting and Conformance (DMARC) allows you to set a policy for how receiving email servers should handle email which doesn’t pass either SPF or DKIM checks. This includes untrusted emails, which should be discarded. DMARC also generates reports, which you can use to understand how your email is being handled.

2. By protecting your email in transit with TLS
Your service should be capable of sending and receiving email using Transport Layer Security (TLS).

You should protect all of your organisation’s domains, including where your organisation uses common Cloud email providers, such as Google G Suite and Microsoft O365.

This comment assumes readers have prior knowledge and experience of managing domains and email systems for their organisations.

The benefits of securing your email

When you implement anti-spoofing measures and secure your email while in transit, you:

Help protect the individuals and organisations you do business with by making it difficult for cyber criminals to spoof your email address

Help protect your brand and reputation

Reduce the costs of service down-time and time spent on dealing with the consequences of email fraud

Business cases

This list of benefits might be useful additions to any business case arguing for the implementation of these measures – especially when you use external providers.

Comments are closed.

We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy. Accept Read More

ESPC on the go