Menu
NZ government gets a 'D' when it come to rolling out DMARC security

NZ government gets a 'D' when it come to rolling out DMARC security

Australian federal government agencies rate much higher than their NZ counterparts

Thom Hooker (SMX)

Thom Hooker (SMX)

Credit: Supplied

New Zealand government agencies are lagging both large corporates and Australian government in implementing a key email security protocol that helps to fight ransomware and other threats.

Just under 20 per cent of 372 government agencies scanned by Auckland-based email security company SMX had implemented "domain-based message authentication, reporting and conformance", or DMARC in some form compared with 34 per cent of the top 100 companies and 57.9 per cent of Australian federal government agencies.

However, only 1.6 per cent of NZ government agencies could be described as having solid implementations - ones that instructed that non compliant emails be rejected or quarantined.

Seven per cent of NZ's top 100 companies were found to have solid implementations while 17 per cent of Australian federal government agencies did.

DMARC is an email authentication protocol released in 2015 and designed to fight against email spoofing that can lead to the compromise corporate systems, phishing attacks and scams.

While many more companies and agencies had some form of DMARC record many were either still at the experimental phase or, worse, had misconfigured records, SMX said.

DMARC records were found in 57.9 per cent of Australian federal government agencies, 34 per cent of the top 100 NZ companies and 19.9 per cent of NZ government agencies.

According to CERT NZ, financial losses due to scam and fraud totaled $14.5 million in 2019, with 87 per cent of that being due to email fraud. 

There was a 25 per cent increase in phishing and credential harvesting incidents compared to 2018.

Ransomware attacks, which are typically launched via email, are particularly threatening, with CERT NZ reporting last year that 70 per cent of the ransomware attacks reported to the agency since it was set up led to some form of loss for the victim.

SMX co-founder and email evangelist, Thom Hooker, said that despite the security advantage  DMARC offers, uptake of it remains low across both business and government in New Zealand.

Hooker said this poor uptake continued to put businesses and individuals at risk of financial or data loss while government agencies ran the risk of exposing personal data due to a privacy breach originating from an email scam.

“Given how much personal data is stored digitally with government agencies, each agency has a duty to take all appropriate measures to protect that data," he said.

"Our research shows that while a small number of government agencies clearly understand the risks and have implemented DMARC, many either do not or have been slow in adopting DMARC.”

Many of those who have gone down the DMARC path, however, had either failed to implement it fully or have made mistakes in doing so, both of which can lead them to underestimate the value it provides. 

"There clearly is a need for more education in the market," Hooker said.

DMARC should be a de facto part of any organisation’s security approach and its global uptake is vital to helping fight email-based cyber threats.

DMARC, he said, was one of the most significant evolutions in the history of email and it was time more organisations made use of it to protect themselves and their customers.

That 66 per cent of top 100 companies and 80 per cent of government agencies in New Zealand have no DMARC at all was "shameful", Hooker said.

The NZ government chief information security officer, Andrew Hampton, has been asked for comment.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags phishingemail securityscamsransomwareSMXDMARC

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments