Online retailers, or e-tailers, are excelling in email security, with online-only pioneers such as Netflix and Newegg leading the pack, whereas the majority of retailers are lagging in implementing best practices, according to a survey from Agari.
Three-quarters of industries surveyed have yet to completely implement Domain-based Message Authentication, Reporting & Conformance (DMARC), an open standard to help reduce the potential for email-based abuse enabled on 70 percent of the world’s inboxes.
The travel sector saw threat volume increase by 800 percent in the second quarter, signifying a major target for hackers.
Mega banks, however, had the highest threat score in the second quarter, as consumers are 15 times more likely to receive a malicious email pretending to be from a major bank than they are from an airline.
“Financial institutions are clearly where the money is, making them major targets for cyber-criminals—they can directly hit the source,” Patrick Peterson, CEO and founder of Agari, told eWEEK. “While financial institutions are average in adopting email security best practices, only 43 percent have adopted DMARC standards and will remain a target until that percentage goes up.”
Peterson noted that, as his company has seen in recent months, health care organizations are becoming more and more susceptible to cyber-attacks because, like financial institutions, health care organizations have massive amounts of personal information that can be traded and sold on the cyber black market.
Health care had the lowest TrustScore of all industries—out of the 14 health care companies analyzed, 13 were classified as easy targets for cyber-criminals.
“E-tailers have long been in the business of online security, with Web pioneers like Amazon, Groupon and Netflix leading the pack. The experience e-tailers have with dealing with the evolution of the Web is mirrored in their security practices,” Peterson said. “However, newcomers such as Gilt, Fanatics and Wayfair still lack in terms of online security.”
He said these companies, along with physical to online retailers, must begin working within DMARC standards to ensure their customers and their brands are protected.
The report termed social media sites “security rock stars,” with Facebook, Google+, LinkedIn and Twitter having near-perfect email security scores.
Consumers witnessed a rise in the number and threat level of malicious email attacks in the second quarter, with many of the security incidents making headlines.
The CryptoLocker and GameOver Zeus malware and the recent hacking of 1 billion passwords by a Russian gang all involve security gaps from email, the report noted.
“One of the best pieces of news from this quarter is that, when you look at the report overall, companies were up 8 percent across the board in terms of trustworthiness,” Peterson said. “If we can keep moving at that percentage every quarter, a year from now, things could be very different.”
Peterson said everyday consumers can protect themselves by being aware of the emails they are opening—if anything looks phishy, don’t risk it—especially with emails containing attachments and links.
“Take a minute to be certain as you can that the source is legitimate and pay attention to red flags such as spelling and grammatical errors, as well as urgent language that is designed to make you quickly take action without thinking,” he said. “Another way to protect yourself is to filter your email. If you are ever unsure about an email’s authenticity, don’t open it, and instead, contact the individual or company in the manner you usually do. For an example, for a company, go directly to their corporate Website.”