A new survey of European-based clinics and hospitals has revealed that fewer than one in 10 institutions have correctly implemented DMARC, the basic protection against phishing emails that spoof their own domains.
The new research by EasyDMARC reviewed the email security policies of 2,000 clinics and hospitals based in Europe. It found that only 144 (7.2% of the 2,000 facilities researched) have correctly implemented and configured a policy that tells receiving mail servers to flag, report and reject emails impersonating their domains.
The survey reviewed the deployment of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard among European healthcare domains. First published in 2012, DMARC lets a domain owner publish a policy in DNS that tells receiving mail servers what to do with messages claiming to come from that domain but failing its SPF or DKIM checks (monitor only, quarantine, or reject), and where to send reports about such messages. It is a crucial way to prevent phishing and spoofing attempts that abuse an organisation's own domain.
EasyDMARC's research found that only 32% of the reviewed domains had deployed the decade-old DMARC standard at all, and that only 144 (7.2% of all 2,000 domains) had published a 'reject' policy, which tells receivers to discard emails imitating the domain. A larger share of those that had deployed DMARC had configured it to do nothing about impersonating emails: 361 domains (18% of the 2,000) publish a 'none' policy, which only monitors and reports.
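The difference between the 'reject' and 'none' groups above is a single tag in the TXT record published at `_dmarc.<domain>`. The following is an added example, not code from EasyDMARC or the survey, that classifies such records into the survey's categories (no record, monitor-only, quarantine, reject) and flags records that say `p=reject` but do not actually enforce it: a `pct` below 100, a weaker `sp=` policy for subdomains, a missing `rua=` reporting address, or duplicate records, which RFC 7489 tells receivers to discard. The domain names and records are constructed, and the warning rules beyond the policy value itself are my additions.

```python
"""Audit DMARC records the way a receiving mail server (and an auditor) sees them.

Added example, not the survey's code. SAMPLE_LOOKUPS is constructed; in real
use the lists would come from a DNS TXT lookup of _dmarc.<domain>.
"""
from dataclasses import dataclass, field

# Ordered from weakest to strongest, so list index gives policy strength.
VALID_POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcAudit:
    domain: str
    status: str                      # "no-record", "invalid", "none", "quarantine" or "reject"
    tags: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)

    @property
    def enforcing(self) -> bool:
        """True only when spoofed mail is actually quarantined/rejected for the whole domain."""
        return self.status in ("quarantine", "reject") and not self.warnings


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a lower-cased tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(domain: str, txt_records: list) -> DmarcAudit:
    """txt_records: every TXT string found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return DmarcAudit(domain, "no-record")
    if len(dmarc) > 1:
        # RFC 7489 section 6.6.3: multiple DMARC records are discarded by
        # receivers, so the domain is effectively unprotected.
        return DmarcAudit(domain, "invalid", warnings=["multiple DMARC records published"])
    try:
        tags = parse_dmarc(dmarc[0])
    except ValueError as exc:
        return DmarcAudit(domain, "invalid", warnings=[str(exc)])

    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return DmarcAudit(domain, "invalid", tags, [f"missing or unknown p= tag: {policy!r}"])

    warnings = []
    pct = tags.get("pct", "100")               # default is 100% per RFC 7489
    if not pct.isdigit() or int(pct) < 100:
        warnings.append(f"pct={pct}: policy applied to only part of failing mail")
    sp = tags.get("sp", policy).lower()        # subdomain policy defaults to p
    if sp not in VALID_POLICIES:
        warnings.append(f"sp={sp!r}: unknown subdomain policy")
    elif VALID_POLICIES.index(sp) < VALID_POLICIES.index(policy):
        warnings.append(f"sp={sp}: subdomains get a weaker policy than the organisational domain")
    if "rua" not in tags:
        warnings.append("no rua= address: aggregate reports will never arrive")
    return DmarcAudit(domain, policy, tags, warnings)


# Constructed sample of what _dmarc.<domain> TXT lookups might return.
SAMPLE_LOOKUPS = {
    "clinic-a.example": [],                                                    # nothing published
    "clinic-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@clinic-b.example"],    # monitor only
    "clinic-c.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@clinic-c.example"],  # enforcing
    "clinic-d.example": ["v=DMARC1; p=reject; pct=10; sp=none"],               # reject in name only
    "clinic-e.example": ["v=DMARC1; p=quarantine", "v=DMARC1; p=reject"],      # duplicates: invalid
}


def summarise(lookups: dict) -> dict:
    """Survey-style counts per category, plus how many records truly enforce."""
    counts = {"no-record": 0, "invalid": 0, "none": 0, "quarantine": 0, "reject": 0, "enforcing": 0}
    for domain, records in lookups.items():
        result = audit_dmarc(domain, records)
        counts[result.status] += 1
        if result.enforcing:
            counts["enforcing"] += 1
    return counts


if __name__ == "__main__":
    for name, records in SAMPLE_LOOKUPS.items():
        r = audit_dmarc(name, records)
        print(f"{name:18} {r.status:10} enforcing={r.enforcing!s:5} {'; '.join(r.warnings)}")
    print(summarise(SAMPLE_LOOKUPS))
```

Note that `clinic-d.example` would be counted in the 'reject' bucket by a naive tally of the `p=` tag, yet with `pct=10` only a tenth of spoofed mail is rejected and `sp=none` leaves every subdomain open; an audit that only reads the policy name overstates protection.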
Gerasim Hovhannisyan, CEO and Co-founder, EasyDMARC, said: “Impersonating email domains is one of the most effective ways cybercriminals bypass organisational cyber-defences through phishing, spoofing and ransomware attacks. Far too many organisations are overlooking a vital tool in effectively preventing this present and persistent danger.”