DMARC in 2020 – A Look Forward
The end of the year offers a chance to pause and reflect on what 2020 may have in store. dmarcian’s General Manager of the Americas, Ed Carroll, shares his predictions for DMARC in 2020.
The end of the year can sometimes seem like an arbitrary mark on the calendar, but as it approaches, I don’t think there is anyone who doesn’t pause to reflect on the year that has passed and to imagine what the next year has in store.
It has been exciting for me to see awareness and adoption of DMARC and domain security grow steadily through 2019, and I thought I’d share my predictions for what 2020 may hold.
Rise in Vendor Email Compromise awareness
I feel like we’re going to see a more rapid adoption of DMARC in 2020 because threats like Vendor Email Compromise (VEC) are becoming pervasive and infamous. VEC, a specific type of business email compromise scam, targets vendors or suppliers via phishing emails by sending fake invoices to their customers.
We are already seeing more companies require DMARC compliance in security questionnaires for their vendors. Recently, a Canadian insurance company representative mentioned to me that they were deploying DMARC with a policy of at least p=quarantine because they do business with one of the largest banks in Canada.
As one of the most-targeted business verticals for cybercriminals, banks and other financial institutions are increasingly requiring DMARC enforcement for their vendors. We’ll continue to see this trend with larger organizations because they don’t want to be exposed to spoofing attempts targeting their vendors; in turn, this movement will have a trickle-down effect to mid- and small-sized businesses.
State and local governments will increasingly require DMARC
We’ll see more state and local mandates and suggestions to implement DMARC, as we’ve seen with SIMM 5315 for California. There are many smaller government domains that are outside of federal oversight, and we’ve seen a rise in local municipalities being targeted for phishing attacks via email. These regulatory mandates will help accelerate adoption of DMARC compliance across all verticals.
Uptick in interest from Managed Service Providers
We’ll continue to see a rise of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in the cybersecurity space as a whole, and as advocates for DMARC in particular, because there is such a shortage in cybersecurity talent, especially in small and medium-sized businesses (SMBs). The folks at Ponemon Institute say that SMB cyber attacks have risen 55% compared to those in 2018, and the financial hits SMBs take (an average of $200,000) aren’t as easily recovered as those taken by larger organizations.
The uptick in MSPs and MSSPs will be driven by three factors:
- Organizations that have tight budgets can find great value in outsourcing their security obligations.
- MSPs provide an opportunity to supplement in-house talent with strategic expertise.
- With the proliferation of phishing and spoofing targeting SMBs, MSPs play a vital role in helping these organizations roll out domain-security measures and become compliant with cyber regulations.