- Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies.
- Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region
- Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication
- Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing
SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud.
These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC) records of Asia Pacific companies listed on the Forbes Global 2000. DMARC, a widely adopted email validation protocol, protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject – with reject being the most secure for preventing suspicious emails from reaching users’ inboxes.
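The three levels correspond to the `p=` tag (`none`, `quarantine`, `reject`) of the TXT record a domain publishes at `_dmarc.<domain>`. As an added example (not Proofpoint's code or methodology), the following Python classifies already-fetched TXT records into those levels and tallies adoption across a survey; the domains and records are constructed samples and the function names are hypothetical.

```python
from collections import Counter

# p= tag value -> level name used in the article
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        return None
    # RFC 7489: the first tag must be v=DMARC1, otherwise the record is ignored.
    name, _, value = parts[0].partition("=")
    if name.strip().lower() != "v" or value.strip() != "DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # skip malformed fragments that have no "="
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def protection_level(txt_records):
    """Classify the TXT records found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    # Zero or several DMARC records: receivers apply no DMARC policy.
    if len(records) != 1:
        return "no record"
    # Simplification: a missing or unknown p= value is reported as invalid.
    return LEVELS.get(records[0].get("p", "").lower(), "invalid policy")

def adoption(survey):
    """Percentage of surveyed domains at each level, to one decimal place."""
    counts = Counter(protection_level(recs) for recs in survey.values())
    return {lvl: round(100 * n / len(survey), 1) for lvl, n in counts.items()}

# Constructed sample data: TXT answers as they would come back from DNS.
SAMPLE = {
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=spf1 -all"],            # SPF text only, no DMARC record
    "d.example": ["v=DMARC1; p=quarantine; pct=50"],
}

if __name__ == "__main__":
    for domain, recs in SAMPLE.items():
        print(domain, protection_level(recs))
    print(adoption(SAMPLE))
```
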
“Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.”
Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower than in the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication (DMARC) enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing.
Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include:
- Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record.
- Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks.
- India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all.
- Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection.
- South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all.
- Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still.
- China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all.
Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes.
In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025.
Proofpoint recommends that organisations follow these best practices:
- Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails.
- Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers.
- Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts.
To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc
The issuer is solely responsible for the content of this announcement.