The Risk of Being a Cybersecurity Straggler
Is your organisation part of the high-risk 'shrinking pond'?
With fewer targets, your organisation’s cybersecurity weaknesses are easier to spot.
IT is one of the fastest evolving industries today, and cybersecurity is one of the fastest evolving sectors within it. Over the previous couple of decades cybersecurity has seen a huge evolution: from in-sourcing to cloud, and from hand-written rules to algorithms that protect customers automatically.
While the speed of change has challenged vendors and resellers to develop new products and services, it’s also become a double-edged sword.
On the one hand, the fast-moving cybersecurity market provides customers with a vast array of services and features to help them secure their environment and protect their people. On the other hand, customers are left with the problem of working out which security product or service is right for them. In a lot of situations this leads to inertia: the organisation effectively chooses to do nothing instead of selecting one of the myriad options.
The result? Organisations that aren’t moving forward with the latest cybersecurity trends and techniques are left behind in a 'shrinking pond' of technology laggards. For cyber attackers, that pond is a hunting ground filled with potential victims.
A shrinking pond equals double the risk
The problem of being part of a shrinking pond of laggards is twofold. Firstly, organisations that protect themselves with the latest cybersecurity defences are seen as harder targets, so attackers will bypass them to attack those that aren’t protected with current measures. In other words, by being part of the shrinking pond you’re identifying your organisation as a soft target, with a bright red fluorescent neon arrow essentially saying to the bad guys “We’re over here, my organisation isn’t as well protected as it could be!”
Secondly, the pond is constantly shrinking as more organisations decide to improve their cybersecurity and deploy new services or products to protect their assets. It’s simple mathematics – the smaller the pool, the more likely you are to be attacked over time.
Of course the reverse is also true: those organisations that stay up-to-date with the latest cybersecurity defences are making a statement to the attackers that they’re not an easy target. Think about a burglar walking down the street. If they find a locked door, they’ll move on until they find an unlocked one.
The same is true with cybersecurity. Attackers will test your front door to see if it’s locked; if it is, they will move on to an easier target, one who hasn’t bothered to lock their door because they don’t think they’ll be attacked, or because they live in a small town far from the big city (hint: thanks to the Internet, attackers are close to everything!).
Have you left your DMARC door unlocked?
Many cybersecurity measures are difficult for an attacker to see before they trigger them. However, in the email security world, many defences are visible to an attacker from outside the organisation. In other words, an attacker can see whether you’ve locked your front door without jiggling the handle.
This is particularly true with DMARC, the biggest security upgrade to email since the standards were released in 1982. DMARC records are published in the DNS for each domain, so an attacker can quickly build up a list of potential targets simply by trawling the DNS. Thousands of domains can be checked for their DMARC records in a matter of minutes. Those found with no DMARC, with incorrect records, or even those just not following best practice can be collated, and specific attacks crafted for those organisations with a few scripts and a bit of time.
The risk is even higher for certain sectors, such as government and finance, where there are fewer potential targets. Those organisations that aren’t deploying the latest cyber defences are particularly exposed when their peers are moving forward with current standards.
Talk about a shrinking pond!
In our latest annual DMARC survey of Australasian governments and businesses, we found that 75% of Australian federal government organisations (approx. 175) have deployed DMARC. That’s great news! But the remaining 25% make up some 43 potentially high-value targets.
Attackers can tell a lot from your DMARC record
The final point related to this is that attackers can infer a huge amount about the sophistication of a potential target’s cybersecurity defences just by analysing the target’s DMARC record, or the lack of one. For example, many organisations haven’t deployed DMARC and are wide open to spoofing and forgery attacks. But deploying DMARC with some common “mistakes”, such as pointing DMARC reports at an internal mailbox, can also imply that the site is probably cutting corners when it comes to cybersecurity. Attackers will see that as an opportunity to figure out what other areas are weak.
Other common mistakes can lead to a similar assessment, such as simply copying your SPF record into your DMARC record (hint: this doesn’t work!) and then labouring under the misapprehension that you have DMARC in place. Attackers will use this gap to their advantage.
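The same checks an attacker runs against the _dmarc TXT record can be run against your own domains as an audit. The following Python is an added example, not code from the original post: it parses a DMARC record offline (the domains and records are constructed, and a real audit would fetch the TXT record at _dmarc.<domain> via DNS) and flags the cases described above: no record, an SPF record published where the DMARC record belongs, a missing or weak policy, and no aggregate reporting address.

```python
# Constructed sample records keyed by hypothetical domain; None means no TXT
# record was found at _dmarc.<domain>. These are not real DNS lookups.
SAMPLE_RECORDS = {
    "good.example":     "v=DMARC1; p=reject; rua=mailto:dmarc@good.example; pct=100",
    "monitor.example":  "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "spf-copy.example": "v=spf1 include:_spf.spf-copy.example -all",
    "nopolicy.example": "v=DMARC1; rua=mailto:dmarc@nopolicy.example",
    "missing.example":  None,
}


def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict of lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return a list of findings for one _dmarc TXT record (None = absent)."""
    if record is None:
        return ["no DMARC record: domain is open to spoofing"]
    tags = parse_tags(record)
    # The classic mistake from the text: the SPF record pasted under _dmarc.
    if tags.get("v", "").lower().startswith("spf1"):
        return ["SPF record published at _dmarc: this is not a DMARC record"]
    if tags.get("v") != "DMARC1":
        return ["invalid record: must begin with v=DMARC1"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing p= tag: receivers treat this as p=none at best")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: partial protection, consider p=reject")
    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports, so mistakes go unnoticed")
    return findings or ["ok: p=reject with aggregate reporting"]


def audit(records):
    """Assess every domain in the mapping and return {domain: findings}."""
    return {domain: assess_dmarc(rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_RECORDS).items():
        print(f"{domain}: {'; '.join(findings)}")
```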
DMARC – a revolution for cybersecurity
Over the past couple of decades, cybersecurity has evolved at lightning speed – even today, it remains one of the fastest-advancing sectors in the IT industry. Deploying DMARC has numerous email security advantages, but it also signals to potential attackers that you have your cybersecurity house in order – and they should move on to softer targets. DMARC really is a revolution in cybersecurity and not just in the email security world!