New research from email security provider EasyDMARC reveals that while 61 percent of top manufacturing companies have implemented the email authentication protocol DMARC (Domain-based Message Authentication, Reporting, and Conformance), only 19 percent have adopted the stringent p=reject policy which provides full protection against phishing and spoofing.
The study, which analyzed the top 4,796 manufacturing companies globally, found that 43 percent of manufacturers with DMARC used a low-security DMARC policy that allows suspicious emails to reach inboxes, but enables reporting on such activity. Almost one-third (31 percent) of the domains had a higher level of security, which quarantines suspicious emails in the junk folder, allowing users to decide if they are indeed untrustworthy. The least popular option was the most secure, at 30.8 percent, which immediately rejects emails that fail authentication checks, protecting organizations from potential harm.
DMARC is essential for automatically detecting and preventing email spoofing, a common tactic deployed in phishing attacks. Proper implementation of DMARC can dramatically reduce phishing risks by ensuring that emails failing authentication checks do not enter inboxes, thereby eliminating the risk of email users clicking on malicious links. Although the DMARC protocol has been available for over a decade, this EasyDMARC study indicates that the vast majority of manufacturers have yet to embrace its full protective capabilities.
The manufacturing sector has rapidly transformed in recent years, shifting from isolated programs to interconnected software systems leading to increased connectivity and data transparency. While this increasing interconnectivity is great for things like productivity, it also increases security vulnerabilities. In fact, as a result, The World Economic Forum has identified manufacturing as the most targeted industry for cyber attacks over three consecutive years. Despite these growing cyber threats, however, EasyDMARC has found the sector displays a low level of cyber maturity, highlighting the need for greater awareness about the importance of properly implementing stringent email protection.
While rising cyber attacks in the manufacturing sector may elevate protection as a top priority, lacking DMARC protections impacts not only security but also email deliverability. Google, Yahoo, and Apple all require DMARC for bulk email senders, with Microsoft set to follow suit. As a result, the absence of DMARC can lead to a significant impact on email deliverability, making email not just less safe but also less effective as a communication method.
This is particularly critical for business functions like marketing and sales, where email is a significant tool used to drive revenue. Without proper DMARC implementation, manufacturers risk their emails being filtered out by major providers, reducing the effectiveness of their communication and potentially harming their bottom line.
Gerasim Hovhannisyan, CEO and Co-Founder of EasyDMARC, commented on the research findings, saying: “It is deeply concerning that despite the rise in cyber attacks within the manufacturing sector, the majority of top manufacturing companies remain unprotected against the growing threat of phishing and spoofing. While it is encouraging that well over half of manufacturers have implemented DMARC, it is still concerning that nearly half (43 percent) have adopted a policy that offers very little protection. This negligence ultimately places the global manufacturing industry at grave risk.”