According to Proofpoint research, the vast majority of GCC banks (94%) have published a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record, with 67% (34 of 51) implementing the strictest and most recommended level of DMARC protection (‘reject’). This demonstrates that the GCC outperforms the global average, where 63% of Fortune Global 500 companies have published a DMARC record and only 39% (47 of 122) have implemented the strictest and most recommended level of DMARC protection, ‘reject’.
While two-thirds of GCC banks have implemented the most stringent level of DMARC protection, one-third of the banks may expose their customers to email-based fraud.
DMARC is an email validation protocol designed to prevent cybercriminals from misusing domain names. It verifies the sender’s identity before allowing the message to be delivered to its intended recipient. The strictest and most recommended level of DMARC protection is ‘reject’, a policy setting that prevents fraudulent emails from reaching their intended recipient.
Haifa Ketiti, Senior Systems Engineer, Middle East at Proofpoint, said, “Email continues to be the vector of choice for cybercriminals and the financial sector remains a key target. Cybercriminals continue to impersonate leading organisations by sending out emails from supposedly legitimate sender addresses to trick customers. Our research has shown that many GCC financial institutions are still exposing people to cybercriminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices.”
Ketiti added: “The GCC financial sector is poised for strong growth post-Covid, especially as the World Bank has projected that GCC economies are set to expand by 5.9% in 2022. Therefore, building robust defences and cyber resilience by implementing DMARC, which verifies that the purported domain of the sender has not been impersonated, will be invaluable for GCC banks in the future.”