95% of SGX 200 Companies Are Failing to Actively Block Fraudulent Emails, Lagging Global Counterparts: Proofpoint

DigitalCFO Newsroom | 8 April 2022

Out of the SGX 200 companies, more than half have not adopted DMARC – exposing these organisations to email fraud and domain spoofing attacks.

Proofpoint, Inc, a leading cyber security and compliance company, today revealed that more than half (59%) of SGX 200 companies do not have the necessary email authentication protocols in place, leaving their customers, partners, and employees open to higher risks of email fraud.

In a recent analysis of SGX top 200 companies, Proofpoint research found that while 41% have implemented some form of email authentication protocol, only 5% of those companies have adopted the recommended strictest level of Domain-based Message Authentication, Reporting and Conformance (DMARC) protection that blocks suspicious emails.

Alex Lei, Senior Vice President, Asia Pacific and Japan at Proofpoint said, “Implementing DMARC email authentication protocols is akin to having your passport checked at an airport – ensuring your identity matches who you say you are and that you have the necessary travel visas required. In a similar way, DMARC allows organisations to ensure that only legitimate senders are using their trusted domains to message employees, customers, and business partners to prevent email fraud and domain spoofing.”

Proofpoint’s research also shows Singapore is lagging its global counterparts in DMARC adoption. The United States’ Fortune 1,000 index shows an 82% DMARC adoption rate, the United Kingdom’s FTSE 100, and FTSE 250 sit at 72% adoption. Closer to home, Australia’s ASX 200 shows 69% DMARC adoption.

Lei continues, “The importance of putting in place strict email authentication policies cannot be understated, especially since our hybrid way of working in Singapore has placed a huge emphasis on communication via email. Without a DMARC policy, companies are basically leaving the doors to their sensitive information wide open for hackers and cyber criminals to exploit and are also putting anyone they work with – from employees, to clients, and partners – at risk.”

In fact, nearly six in ten of the SGX top 200 companies have no DMARC protocol in place at all, with the majority of these being Real Estate Investment Trusts (REITs). This lack of protection against email fraud means exposing countless parties to imposter emails and business email compromise (BEC), since these attacks are designed to trick victims into thinking they received an email from an organisation leader like the CEO or CFO asking them to transfer funds (known as wire fraud), release sensitive or personally identifiable information, or hand over their credentials.

According to the 2021 Annual Crime Brief released from the Singapore Police Force, there has been an increase in the amount of scams and cybercrimes reported in 2021 compared to 2020, accounting for 58.2% of the total cases reported.

“Trust is notoriously hard to earn but incredibly easy to lose. Therefore, we believe in helping organisations build trust with the companies and people they work with, by ensuring only authorised information gets sent through. After all, why would any organisation want to work with a company that doesn’t take cyber security seriously?” concluded Lei.