SINGAPORE –  19 February 2024 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research that found only 10% of the fastest growing companies in Singapore have implemented the recommended and strictest level of email authentication, which prevents threat actors from spoofing organisations’ identities and reduces the risk of email fraud.

The findings are based on an analysis of 97 of Singapore’s fastest growing companies¹. Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation protocol designed to protect domain names from being misused by cyber criminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject with reject being the most secure for preventing suspicious emails from reaching the inbox. 

“Email is the lifeblood of the modern economy — the daily exchange of millions of emails supports almost every aspect of business. Despite the strong emphasis on the importance of email authentication by security professionals globally, companies still fail to see the danger they put their stakeholders in without the implementation of DMARC policies,” said Philip Sow, Head of Systems Engineering, South East Asia and South Korea at Proofpoint. “Not adopting DMARC could open these companies to email fraud, thereby impending future growth opportunities if these companies fall prey to phishing and impersonation attacks.”

In the current landscape, Google and Yahoo! have announced a recent initiative. Starting February 2024, they now require email authentication to be able to send messages from their platforms. This move signifies that important steps being taken to prevent spam and scams. These security requirements will apply especially to accounts that send large volumes of emails per day, which will have to have the DMARC authentication protocol deployed, amongst other measures. Failure to comply will significantly impact the deliverability of legitimate messages to customers with Gmail and Yahoo! accounts.

Proofpoint’s research revealed that whilst 59% of Singapore’s fastest growing companies have adopted a DMARC protocol, only 10% are properly implementing DMARC to the recommended and highest level by blocking suspicious emails. Worryingly, this means that 41% Singapore’s fastest growing companies have not implemented DMARC at all, and those that lag in DMARC adoption will now need to catch up quickly if they wish to continue sending emails to their customers. Organisations that don’t comply could see their emails routed directly to customers’ spam folders or rejected all together.

The full findings of Proofpoint’s DMARC analysis of Singapore’s fastest growing companies show:

• 90% of companies currently do not enforce the recommended strictest level of DMARC (reject), while 41% of companies do not have any DMARC record at all and are wide open to email fraud and domain spoofing attacks.
• 59% of companies have some form of DMARC adoption in place, though these policy levels differ as follows:
  • 10% have DMARC – Reject in place, the strictest recommended level which blocks unqualified emails from getting to the recipient.
  • 19% have DMARC – Quarantine, which directs unqualified emails to go to the recipient's junk or spam folder.
  • 30% have DMARC – Monitor, which does not change how inboxes receive emails but allows senders to collect information about their email sources.

Below are some best practices Proofpoint recommends:

• Check the validity of all email communication and be aware of potentially fraudulent emails impersonating colleagues, suppliers, and stakeholders. 
• Be cautious of any communication attempts that request log-in credentials or threaten to suspend service or an account if a link isn’t clicked.
• Follow best practices when it comes to password hygiene, including using strong passwords, changing them frequently and never re-using them across multiple accounts.

This analysis was conducted in January 2024 using data from The Straits Times’s Singapore’s fastest-growing companies 2024 list.

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube 

###

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

¹The list of Singapore’s fastest-growing companies was taken from a list of 100 companies compiled by The Straits Times and global research firm Statista. Now in its sixth year, this ranking is based on the companies’ revenue growth from 2019 to 2022. As two companies had invalid email domains and two other companies shared the same email domain, the final analysis included 98 firms with 97 email domains.