Connect with us

Market Research

Eight Out of the Top Nine Online Retailers in the UAE Have a DMARC Record in Place



Proofpoint has released research that identifies that eight out of the top nine online retailers in the UAE have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place. However, only three out of the nine (33%) retailers have the strictest and recommended levels of DMARC protection in place, which allows them to identify and block fraudulent emails. This leaves customers of 67% of the top retailers in the country exposed to email fraud.

As retailers gear for high online sales volumes during the Black Friday and Cyber Monday special offers, it is imperative for them to ensure their customers are safeguarded against potential cybersecurity threats. Emile Abou Saleh, Regional Director, Middle East, and Africa for Proofpoint, said, “Cybercriminals are on the lookout for festive seasons and high sales period to drive targeted attacks through impersonation and retailers are no exception to this. While the Black Friday and Cyber Monday high sales period is a time to grab the best deals, it could also be a potential target zone for cybercriminals to attack. Our research has found that most retailers in the UAE are not implementing effective protection and email authentication best practices to safeguard themselves and their customers.”

Cybercriminals traditionally resort to domain spoofing by posing as well-known brands and sending out emails from supposedly legitimate sender addresses to trick the customers. These emails are designed to make the customers share personal details which can then be used to commit fraud. With a DMARC policy in place, retailers can protect employees, customers, and partners from cybercriminals. The UAE-based retailers, however, rank better in comparison to global retailers across the Forbes Global 2000, which comprises 70 companies. As per another survey by Proofpoint, 30% (21 out of 70) of the Forbes Global 2000 retailers have no DMARC record and are exposed to email fraud and domain impersonation.

Moreover, while 70% of the retailers in Forbes Global 2000 have achieved some level of DMARC implementation, only 20% (14 out of 70) retailers have achieved the highest level of protection and are proactively blocking fraudulent emails from reaching customers, partners, vendors, and employees. The research comes at a time of increased demand for online shopping in the UAE, with the market size of the e-commerce industry in the UAE expected to grow from seven billion US dollars in 2020 to reach 17 billion US dollars by 2025, after the adjustments for the effect of the COVID-19 pandemic on e-commerce, according to Statista.

“Organisations across all sectors should deploy authentication protocols, such as DMARC, to bolster their email fraud defences. From a consumer standpoint, it is vital to remain vigilant and check the validity of all emails and protect customers and businesses,” added Abou Saleh.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Market Research

Gartner Forecasts Worldwide IT Spending to Exceed $4 Trillion in 2022



Worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest forecast by Gartner, Inc. “Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021,” said John-David Lovelock, distinguished research vice president at Gartner.

“However, digital tech initiatives remain a top strategic business priority for companies as they continue to reinvent the future of work, focusing spending on making their infrastructure bulletproof and accommodating increasingly complex hybrid work for employees going into 2022,” Lovelock added.

Enterprise software is expected to have the highest growth in 2022 at 11.5% (see table above), driven by infrastructure software spending continuing to outpace application software spending. Global spending growth on devices reached a peak in 2021 (15.1%) as remote work, telehealth and remote learning took hold, but Gartner expects 2022 will still show an uptick in enterprises that upgrade devices and/or invest in multiple devices to thrive in a hybrid work setting.

“What changed in 2020 and 2021 was not really the technology itself, but people’s willingness and eagerness to adopt it and use it in different ways,” said Lovelock. “In 2022, CIOs need to reconfigure how work is done by embracing business composability and the technologies that accommodate asynchronous workflows.”

Gartner’s IT spending forecast methodology relies heavily on rigorous analysis of sales by thousands of vendors across the entire range of IT products and services. Gartner uses primary research techniques, complemented by secondary research sources, to build a comprehensive database of market size data on which to base its forecast.

Continue Reading

Market Research

Digital Transformation and Workplace Evolution Driving Demand for PKI and Digital Certificates



Driven by organizational changes, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, while the related skills to manage PKI are in historically short supply, according to research from Ponemon Institute, sponsored by Entrust, a global leader in trusted identity, payments and data protection. The 2021 Global PKI and IoT Trends Study also revealed that IT professionals continue to see a lack of clear ownership, resources, and skills as the top challenges in deploying and managing PKI.

PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities, and the internet of things (IoT). As such, PKI holds the key to enabling the digital transformation that these technologies underpin, something that has been thrown into sharp focus over the course of the global pandemic and its impact on working practices.

Drivers and challenges of PKI adoption
When it comes to the most important trends driving the deployment of applications using PKI in the Middle East market, the Internet of Things (IoT) remains the fastest-growing trend at 46%, with consumer mobile applications being the second-highest driver, cited by 44% of respondents, and Cloud-Based services coming in third at 37%. The top challenge that impedes the deployment and management of PKI is a lack of clear ownership – cited by 84% of respondents in the Middle East. Globally, respondents have raised this issue as a top challenge for the past 5 years, indicating a key area of concern for many enterprises.

Insufficient resources and insufficient skills were rated as the second and third challenges in the Middle East at 57% and 53% respectively. Similarly, on a global level, the top challenges to enabling applications to utilize PKI were the existing PKI being incapable of supporting new applications (55%) and insufficient skills (46%). The areas expected to experience the most change and uncertainty according to respondents in the Middle East were external mandates and standards, which took the top spot for 30% of those surveyed, while newer applications, such the Internet of Things (IoT) came second (28%).

“PKI has never been in such high demand in the Middle East region – whether from the pressure of securing a remote or hybrid workforce this past year, or the continued growth of IoT and cloud-based services,” said Hamid Qureshi, Regional Sales Director, Middle East, Africa, and South Asia at Entrust. “At the same time, the skills and resources required to deploy and manage PKI continue to be in short supply – an issue exacerbated by lack of clear organizational ownership over PKI deployments. To deal with this complexity, organizations need a strategy first and products second to support this transformation. This means that they need a partner like Entrust who not only has the technological capabilities, but the heritage and expertise to help succeed in this environment.”

“Over the years we have been doing this study, it is clear that that the gap between the rising demand for PKI adoption and the challenges hindering it appear to be growing,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This has the potential to exacerbate the headaches organizations already feel and create gaps in their security postures. When you factor in that environments are more distributed with remote working, cloud and IoT, it’s clear that there’s an immediate need for many organizations to gain additional visibility, automation and centralized control.”

The Rise of Machine Identities
TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (81% of respondents globally). Private networks and VPN applications came in second (67%, up from 60% in 2020) and email security was third (55%, up from 51% in 2020), overtaking last year’s second and third positions of public cloud applications and enterprise user authentication. This change highlights the shifting focus on ensuring remote workers and distributed IT workloads can be kept secure.

The research also revealed that the average number of certificates organizations issue or acquire is still on the rise, up 4.3% from 56,192 in 2020 to 58,639 this year (and up 50% since 2019). While the number of human identities being secured has been relatively flat over the past few years, there are now more machine identities (devices and workflows) than human ones. This growth in machine identities is primarily driven by the growing use of IoT, cloud services, and new applications.

Regardless of the reason for the growth, the more certificates an organization needs to manage, the more critical proper management becomes. With one in five (20%) of respondents stating they use a manual certificate revocation list and nearly a third (32%) admitting they have no certificate revocation technique, these organizations risk being vulnerable to attacks and facing outages to critical systems and the consequent business disruption and cost that comes with that.

Continue Reading

Market Research

Hotel Brands in Dubai May Be Putting Customers at Risk of Email Fraud



Proofpoint has released research identifying that only 17% of hotel brands in Dubai have implemented the recommended and strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, which prevents cybercriminals from spoofing their identity and reduces the risk of email fraud. This may leave travellers visiting Dubai open to email fraud from 83% of the hotel chains.

Despite this, encouragingly, the analysis revealed that almost two-thirds of the hotel brands analysed have taken initial steps to protect their customers from email fraud, with 63% publishing a DMARC record. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increases the risk of email fraud targeting their customers. Reject is the strictest and recommended level of DMARC protection, a setting, and policy that blocks fraudulent emails from reaching their intended target.

Emile Abou Saleh, Regional Director, Middle East, and Africa at Proofpoint, said, “The hospitality sector has worked hard to build consumer confidence in the aftermath of COVID-19, rigorously implementing health and safety protocols and accelerating technology adoption to improve the guest experience. However, as our research shows, a majority of hotel brands in Dubai could be doing more to prioritise cybersecurity and ensure their customers are less vulnerable to email fraud. This is crucial given that email remains the number one threat vector for cybercriminals.”

The UAE and Dubai’s hospitality industry is preparing for surging demand, amidst the lifting of travel curbs from the US, UK, and Saudi Arabia, and the start of the six-month Expo 2020 in early October 2021. Sensing a prime opportunity from increased demand, cybercriminals may capitalise on the potential increase in email communications to try and trick hotel guests with phishing emails.

DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.

“While hotels have started to implement smart technology solutions to elevate the guest experience and offer personalized services, they should also prioritize deploying adequate email protection and inbound threat blocking capabilities (including deploying DMARC email authentication protocols) to make the hospitality experience better for all,” concluded Emile Abou Saleh.

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.