Intelligent CIO APAC Issue 36 | Page 68

INTELLIGENT BRANDS // Enterprise Security

Elite Australian schools at risk of student data cyberbreach

Out of the 100 schools surveyed by Proofpoint, almost half are found vulnerable to email fraud and domain spoofing.

Cybersecurity and compliance specialist Proofpoint says over 85,000 private school students and staff in Australia are vulnerable to email-based phishing attacks.

Proofpoint’s analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption among Australia’s 100 largest independent schools by enrolment size found that 42% lack the most basic email protection.
These schools fail to take appropriate measures to proactively block attackers from spoofing their email domains, substantially increasing the risk of email fraud.
The analysis was conducted in April 2023 using data from the Australian Curriculum, Assessment and Reporting Authority.
Its findings follow Proofpoint’s recent State of the Phish 2023 Report, which found that nine in 10 Australian organizations (90%) experienced at least one successful email-based phishing attack in 2022 – with almost half (48%) reporting direct financial losses.
“No matter their size or number of students enrolled, schools remain an attractive target for scammers due to the large and diverse amount of data they store,” said Steve Moros, Senior Director, Advanced Technology Group, Asia Pacific and Japan, Proofpoint.
“From sensitive information such as addresses, contact details, medical records, bank and credit card information to employee information such as tax file numbers, cybercriminals will stop at nothing to obtain all data withheld inside a school system.”
Cybercriminals also see schools as being easy targets due to their lack of cyber specialists and the high probability that students will fall for phishing scams.
Cybercriminals exploit this well-known fact to extract personal information from students and staff by using luring techniques and disguising emails as messages from the school IT department or administration, often directing users to fake landing pages to harvest credentials.
Email authentication protocols like DMARC are the best way to prevent email fraud and protect students, faculty and alumni from malicious attacks.
“As keepers of vast amounts of sensitive and critical data, schools across Australia must ensure that they have the strictest level of DMARC protocol in place to protect students and faculty within their networks,” said Moros.
“It’s incredibly concerning to see that only nine out of the 100 schools analyzed are protected from being impersonated by cybercriminals, especially following one of the biggest years for scams and data breaches in the nation’s history. Only when these schools start shoring up their cybersecurity defenses will they ensure that malicious emails can’t compromise their data.”
The full findings of Proofpoint’s DMARC analysis of the 100 largest independent schools show:
• 91% of schools currently do not enforce the recommended strictest level of DMARC, while 42% of schools do not have any DMARC record and are wide open to email fraud and domain spoofing attacks
• 58% of schools implement some form of DMARC, yet the DMARC policy levels employed vary as follows:
  • 9% use DMARC – Reject (the highest level of protection)
  • 11% use DMARC – Quarantine
  • 38% use DMARC – Monitor
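
The levels in the breakdown above correspond to the `p=` tag of the TXT record a domain publishes at `_dmarc.<domain>` (RFC 7489), with "Monitor" being `p=none`. As an added example (not Proofpoint's methodology or code), the following Python classifies such records into those levels; the domains and records are constructed samples, and reporting an unrecognised `p` value as "invalid" is a simplifying assumption.

```python
# Added example: classify DMARC TXT records into the article's policy levels.
# Every domain and record below is constructed sample data.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a protection level."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Zero DMARC records, or more than one, leaves no usable policy.
    if len(records) != 1:
        return "no record"
    policy = records[0].get("p", "").lower()
    level = LEVELS.get(policy, "invalid")  # simplification, see lead-in
    # pct below 100 applies the policy to only a share of failing mail.
    if level != "monitor" and level != "invalid":
        if records[0].get("pct", "100") != "100":
            level += " (partial)"
    return level

SAMPLE = {  # constructed: TXT answers for _dmarc.<domain>
    "school-a.example": ["v=DMARC1; p=reject; rua=mailto:d@school-a.example"],
    "school-b.example": ["v=DMARC1; p=quarantine; pct=50"],
    "school-c.example": ["v=DMARC1; p=none; rua=mailto:d@school-c.example"],
    "school-d.example": [],                       # nothing published
    "school-e.example": ["v=spf1 -all"],          # SPF text, not DMARC
    "school-f.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

def summarize(domains):
    """Count how many domains fall into each level."""
    counts = {}
    for records in domains.values():
        level = classify(records)
        counts[level] = counts.get(level, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A domain that publishes two DMARC records, or only a record with a malformed version tag, is counted as unprotected here because receivers discard such records.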