Cloud-based phishing and brand reputation damage control company Agari , a provider of Domain-based Message Authentication, Reporting and Conformance (DMARC) security solutions, is out with its 2013 Agari TrustIndex-Second Quarter Edition. This is always an interesting report to peruse since it provides a quarterly in-depth look at where consumers are most protected or vulnerable to e-mail attack across industry sectors including Financial Services, E-Commerce, Social Media, Travel, Logistics and Gaming.
Based on the evaluation of over 1 trillion e-mail messages, each industry sector is given a TrustScore and a ThreatScore, both trademarked names.
The TrustScore reflects adoption and deployment of security measures like DMARC.
The ThreatScore provides a measure of relative risk based on malicious activity and attempted attacks.
Agari has provided a visual of these in an infographic presented in the embedded slideshow.
As seen in the slide of the scoring charts, industry sectors in the TrustScore category based on an evaluation of the level of protection being afforded make for an interesting list. This is, after all, a measure of how well the sectors (best performers are noted) are using technology to protect their customers from the entreaties of bad actors.
A visit to the Agari site was made to get an explanation as to precisely what the index numbers represent, but as you can see, in rank order based on a high score being well protected, they were:
Social Media with a score of 73.1
Logistics 58.8
Internet Commerce 43.5
Financial Services 39.7
Travel 17
In addition, Online Gaming is a new category being tracked and had a score of 37.7
The good news is that all sectors seem to be doing a better job of protection when comparing Q1 to Q2 scores.
Where things get a bit dicey is on the threat front where scores offered what Agari calls, “Some concerning, but not surprising, statistics.”
Financial Services not surprisingly is a favorite target for cybercriminals. In fact, in keeping with the old saying that “people rob banks because that is where the money is,” the quarter saw the sector experience a 122 percent increase over the first quarter.
According to the report, “consumers are seven times more likely to be the victim of an attack with an e-mail from their bank versus any other sector.” Logistics’ ThreatScore dropped 24 percent but remains a high risk area, and Online Gaming also showed above average risks of attacks. Agari attributes the attractiveness of gaming as a target because of a younger audience, which may not be as savvy at distinguishing between valid and malicious e-mail.
As I have mentioned in previous articles, phishing may be relatively low tech compared to other types of malware and cyber threats, but it is effective and has become a lot more sophisticated. Indeed, it remains one of the best ways to steal people’s identities and a vector of vulnerability that can compromise corporations quickly that is growing in terms of exposure due to the proliferation of smartphones and tablets inside enterprises for personal as well as professional use. Plus, lest we forget, e-mail is still the way business is conducted.
The threat side is the reason so many enterprises are looking at encrypting email, and DMRC as a form of protection.