Proofpoint has released research showing that the majority of GCC banks (94%) have published a DMARC (Domain-based Message Authentication, Reporting & Conformance) record, while 67% (34 of 51) have implemented the strictest and recommended level of DMARC protection (‘reject’). This shows that the GCC performs better than the global average, with 63% of financial organisations listed under the Fortune Global 500 having published a DMARC record, and only 39% (47 of 122) implementing the strictest and recommended level of DMARC protection, ‘reject’.
While two thirds of GCC banks have implemented the strictest level of DMARC protection, one third of the banks may leave their customers vulnerable to email-based fraud.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing the message to reach its intended destination. ‘Reject’ is the strictest and recommended level of DMARC protection, a policy setting that blocks fraudulent emails from reaching their intended target.
Haifa Ketiti, Senior Systems Engineer, Middle East at Proofpoint, said, “Email continues to be the vector of choice for cybercriminals and the financial sector remains a key target. Cybercriminals continue to impersonate leading organisations by sending out emails from supposedly legitimate sender addresses to trick customers. Our research has shown that many GCC financial institutions are still exposing people to cybercriminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices.”
Ketiti added: “The GCC financial sector is poised for strong growth post-Covid, especially as the World Bank has projected that GCC economies are set to expand by 5.9% in 2022. Therefore, building robust defences and cyber resilience by implementing DMARC, which verifies that the purported domain of the sender has not been impersonated, will be invaluable for GCC banks in the future.”