Cyber Daily

ASX 200 companies vulnerable to email risks

Over two-thirds of publicly listed organisations are susceptible to fraudulent email threats, according to new Proofpoint research.

Tue, 08 Mar 2022

New research from cyber security and compliance firm Proofpoint has found 78 per cent of ASX 200 companies lack adequate security protections against email threats, failing to implement the recommended level of Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols.

Of the 69 per cent of ASX 200 companies that have adopted a DMARC protocol, just 22 per cent have an appropriate level of protection.

“Email continues to be the number one threat vector for cyber criminals, and as some of the most recognisable brands in Australia, ASX 200 companies are and have been obvious targets for email-borne attacks,” Steve Moros, senior director, advanced technology group, APJ at Proofpoint, said.

“All organisations with or without a hybrid working model rely heavily on the email ecosystem to conduct business between suppliers and vendors, employees, customers, and partners, so the risk of compromise and brand damage is high.

“Yet Proofpoint research shows Australian organisations are underperforming when it comes to adopting people-centric cyber security solutions necessary to prevent adverse outcomes and reduce the risk of human (employee) activated attacks.”

According to Proofpoint, Australian organisations are lagging global counterparts in DMARC adoption, with the United States’ Fortune 1000 index reporting an 82 per cent DMARC adoption rate, followed by France’s CAC 40 at 75 per cent, and the United Kingdom’s FTSE 100 and FTSE 250 at 72 per cent.

Proofpoint’s State of the Phish Report also found Australian organisations have been hit harder by successful email-based cyber attacks compared to the US, UK and Japan, with 90 per cent of Australian firms reporting spear phishing, business email compromise (BEC) and email-based ransomware attacks in 2021.

Further, 92 per cent of Australian organisations reported a breach from a phishing attack, up 53 per cent from 2020.

This research comes as a 2021 report released by the Australian Cyber Security Centre (ACSC) identified BEC as an increasing threat to Australian businesses, with the average loss per BEC attack mounting to $50,600 – over one and a half times higher than the previous financial year.

“Business email compromise is one of the most common and disruptive types of attacks facing those organisations without proper protocols in place to secure their email communication channels,” Moros said.

“In fact, a 2021 Proofpoint survey of 100 Australian CISOs revealed BEC topped the list of attacks they felt most at risk from over the next 12 months.

“A major cyber breach on the ASX 200 would reverberate far and wide and have the potential to financially impact many stakeholders and organisations. This year marks 10 years since the DMARC protocol was created, however, it is concerning to see that some of Australia’s most prominent organisations are yet to leverage best-practice technology to protect themselves.”

Moros urged organisations to bolster employee awareness training and enhance cyber security standards.

“The ACSC already mandates stringent email authentication standards including DMARC, for all public sector organisations,” he added.

“It’s time all private companies also follow suit and reduce their attack surface area.”
