top 100 breweries image

Cheers to 2022!

To kick off the new year in our DMARC adoption research, we’re taking a look at the world’s top 100 breweries based on ratebeer.com’s most recent list. Here’s what we found:

  • 83% had no DMARC record
  • 7% had a DMARC record with a p=none policy
  • 7% had a DMARC record with a p=quarantine policy
  • 2% had a DMARC record with a p=reject policy

The recent history of breweries being attacked shows that these organizations are in the crosshairs of cyber criminals, especially when considering that the global beer market reached a value of $623 billion in 2020.

That same year, Lion, the owner of New Belgium and Bell’s breweries, among others, was hit with a ransomware attack that halted operations and production. In 2021, Molson Coors experienced an attack that interrupted operations, production and shipping. Also in 2021, Damm’s production at the main brewery near Barcelona dried up after a cyber attack.

“The impact to manufacturing businesses like brewers can be significantly higher as ransomware can accidentally or intentionally disrupt process controls, which is much harder to recover from than just doing a backup of the IT systems,” Phil Kernick, CSO of CyberCX, said.

Process controls and network disruption aren’t the only problems. When an employee accidentally clicks on a virulent link, it opens the door for ransomware or another form of malware. With a foot in the door, criminals can access a brewery’s network to steal valuable data like customer account information, third-party data, human resource info, and, not the least, intellectual property like beer recipes and production techniques.

Small craft breweries face the same cybersecurity threats as larger ones, and small shops typically don’t have an internal IT security staff to keep an eye on risks. But like massive breweries, small ones are more connected than ever and online business is booming during the pandemic. Like any other organization, a data breach can cause production and delivery downtime, revenue loss and brand erosion.

Email is involved in more than 90% of all network attacks; without DMARC, it can be hard to tell if an email is real or fake. DMARC allows people to protect their domains from unauthorized use by fighting phishing, spoofing, CEO fraud, and business email compromise.

DMARC’s utility as an anti-spoofing technology stems from a significant innovation; instead of attempting to filter out malicious email, why not provide operators with a way to easily identify legitimate email? DMARC’s promise is to replace the fundamentally flawed “filter out bad” email security model with a “filter in good” model.

We’re here to help people implement and manage DMARC for the long haul. Get in touch with us or give our DMARC Management Platform a complimentary test run. Our onboarding and support team will help you along the way.

Want to continue the conversation? Head over to the dmarcian Forum