Domain spoofing is a common tactic used by phishers to trick victims into believing they have received an official email from a trusted business or contact. Technologies have been developed to detect domain spoofing and protect individuals from email impersonation attacks, yet many organizations have not implemented email validation protocols that can detect spoofing, and as such, their employees and other stakeholders are subjected to higher risks of email impersonation attacks.
Cybersecurity firm Proofpoint recently conducted an analysis of the adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC), which is an email authentication protocol for preventing the misuse of domains by cybercriminals for phishing, malware delivery, and other scams. DMARC is used to check the identity of a sender and verify that they are authorized to send emails from a particular domain. There are three levels of protection provided by DMARC. At the lowest level is Monitor, where emails are monitored but not blocked. Then there is Quarantine, where spoofed emails are delivered to a quarantine folder, but those emails may still be accessed by users. The most secure level is Reject, where the emails are rejected if they fail the checks.
The study found that educational institutions are the worst offenders when it comes to the adoption of DMARC, with 97% of the top 10 universities in the United States, United Kingdom, and Australia failing to proactively block email spoofing using DMARC by setting a Reject policy. None of the top universities in the U.S. and U.K. had a Reject policy set.
U.S. universities had some of the poorest levels of cybersecurity out of the universities studied. Five of the top 10 U.S. universities had no DMARC record at all, not even Monitor. 65% of the top U.S. and U.K. universities had Monitor and Quarantine policies in place, and 17 of all 30 universities studied (57%) had implemented a Monitor policy. Only 4 of the 30 universities studied – 13% – had a Quarantine policy.
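The levels described above correspond to the p= tag of the TXT record a domain publishes at _dmarc.<domain> (none, quarantine, reject). The following is an added example, not code from Proofpoint or the study, showing how an administrator could classify a domain's records into those levels and confirm that Reject is fully enforced; the function names and sample records are constructed for illustration, and the TXT strings are assumed to have been fetched already.

```python
# Added example: map DMARC TXT records to the article's protection levels.
LEVELS = {"none": "Monitor", "quarantine": "Quarantine", "reject": "Reject"}


def parse_record(record):
    """Return the tag dict of one TXT string, or None if it is not DMARC."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # tags without '=' are syntax errors and are skipped
            tags.setdefault(name.strip().lower(), value.strip())
    # The version tag must come first and be exactly DMARC1 (RFC 7489).
    first_name, _, first_value = (parts[0] if parts else "").partition("=")
    if first_name.strip().lower() != "v" or first_value.strip() != "DMARC1":
        return None
    return tags


def effective_tags(txt_records):
    """Tags of the one valid record at _dmarc.<domain>, else None."""
    found = [t for t in map(parse_record, txt_records) if t is not None]
    # Zero records, or more than one, means DMARC is not applied at all.
    return found[0] if len(found) == 1 else None


def classify(txt_records):
    tags = effective_tags(txt_records)
    if tags is None:
        return "No record"
    policy = tags.get("p", "").lower()
    if policy in LEVELS:
        return LEVELS[policy]
    # Missing or invalid p: receivers fall back to p=none only when a
    # report address is present (simplified check for a mailto: URI).
    has_rua = tags.get("rua", "").lower().startswith("mailto:")
    return "Monitor" if has_rua else "No record"


def blocks_spoofing(txt_records):
    """True only when p=reject applies to all failing mail (pct=100)."""
    tags = effective_tags(txt_records)
    pct = (tags or {}).get("pct", "100")  # any other value counts as partial
    return classify(txt_records) == "Reject" and pct == "100"


if __name__ == "__main__":
    # Constructed sample records, not data from the study.
    for txt in (["v=DMARC1; p=none; rua=mailto:dmarc@example.edu"],
                ["v=DMARC1; p=reject; pct=25"], []):
        print(txt, "->", classify(txt), blocks_spoofing(txt))
```

A domain that publishes two DMARC records, or a Reject policy with pct below 100, is reported as not blocking spoofing, which is the gap an audit of this kind is meant to surface.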
The findings of the research are troubling. The number of cyberattacks being conducted has been increasing year over year, as has the sophistication of attacks. Malware is most commonly delivered via email, and phishing is one of the biggest threats and is used extensively to gain access to victims’ networks. The education sector also stores large amounts of valuable data – the personal information of staff and students and research and intellectual property that is extremely valuable to cybercriminals and nation-states.
The pandemic has made matters worse, as there has been a shift toward remote learning which has further increased the attack surface and the risk from email-based attacks. Unsurprisingly, given the lack of cybersecurity protections in education and the high value of stored data, the education sector has been extensively targeted.
Proofpoint explained that the World Economic Forum found that 95% of cybersecurity issues are traced to human error and many CISOs are significantly underestimating the risk posed by users. Only 47% of education sector CISOs believe users to be their most significant risk.
“Email authentication protocols like DMARC are the best way to shore up email fraud defenses and protect students, staff, and alumni from malicious attacks,” said Ryan Kalember, EVP, Cybersecurity Strategy at Proofpoint. “As holders of vast amounts of sensitive and critical data, we advise universities across the U.S. to ensure that they have the strictest level of DMARC protocol in place to protect those within their networks.”