A few weeks ago, I attended a very interesting event in Manchester where I had the incredible opportunity to speak to CISOs, CTOs and senior people in Technical/Security from a range of Enterprise and Public Sector organisations. From the conversations I was having, there was one clear topic of conversation – Supply Chain.
In recent years, supply chain attacks have increased by 600%[1]. Enterprise and Public Sector organisations are recognising this threat and are now starting to enforce stricter requirements on their suppliers. In short, the need for their suppliers to have DMARC in place is increasing.
In my last blog, I covered what DMARC is, so I won’t go into too much detail here. But for those who want a refresher, DMARC is an email authentication protocol that protects an email domain from being spoofed in phishing attacks and, as a by-product, improves the deliverability of legitimate mail. It tells the receiving mail server what to do with a message that fails both SPF and DKIM (or passes them only for a domain that does not align with the From: header): deliver it anyway (p=none), quarantine it, or reject it. In that sense, DMARC is essentially the ‘final say’ on where your email goes.
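As an added illustration of how a receiving server actually applies that ‘final say’ (this is example code added here, not code from the original post or from Sendmarc), the following Python parses a DMARC TXT record, applies the defaults from RFC 7489, checks whether SPF and DKIM results align with the From: domain, and returns the disposition. It also reports whether a record is at full p=reject enforcement. The sample records and message results are constructed for the example, and the organisational-domain helper is a deliberate simplification (last two labels) where a real receiver would consult the Public Suffix List.

```python
# Constructed sample records for three hypothetical supplier domains.
RECORDS = {
    "supplier.example": "v=DMARC1; p=reject; rua=mailto:dmarc@supplier.example; adkim=s; aspf=r",
    "lax.example": "v=DMARC1; p=none; rua=mailto:dmarc@lax.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=50",
}


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("pct", "100")      # policy applies to all mail by default
    return tags


def org_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels.
    Real receivers use the Public Suffix List; this is an assumption for the example."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only needs the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(tags: dict, record_domain: str, from_domain: str,
                      spf_result: tuple, dkim_result: tuple) -> str:
    """Apply the DMARC policy to one message.

    spf_result is (passed, MAIL FROM domain that SPF checked);
    dkim_result is (passed, d= domain of the DKIM signature).
    Returns 'pass' or the policy to apply: 'none', 'quarantine' or 'reject'.
    pct= sampling is ignored here for determinism.
    """
    spf_pass, spf_domain = spf_result
    dkim_pass, dkim_domain = dkim_result
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # Neither mechanism passed with alignment: DMARC has the final say.
    is_subdomain = from_domain.lower() != record_domain.lower()
    return tags["sp"] if is_subdomain else tags["p"]


def is_enforced(tags: dict) -> bool:
    """True only when the domain is at p=reject applied to 100% of mail."""
    return tags["p"] == "reject" and int(tags["pct"]) == 100


if __name__ == "__main__":
    supplier = parse_dmarc(RECORDS["supplier.example"])
    # A spoof: attacker's own SPF and DKIM pass, but neither aligns with supplier.example.
    print(dmarc_disposition(supplier, "supplier.example", "supplier.example",
                            (True, "attacker.example"), (True, "attacker.example")))
    for name, record in RECORDS.items():
        print(name, "enforced" if is_enforced(parse_dmarc(record)) else "not enforced")
```

The spoof case is the one that matters for the supply chain argument: an attacker can make SPF and DKIM pass for a domain they control, so only the alignment check plus a p=reject policy keeps the forged supplier mail out of the inbox. A record at p=none, or at p=reject with pct below 100, reports on spoofing but does not stop it.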
Recognising the increasing sophistication of cyber threats, public sector and enterprise organisations are turning their attention to their supply chain to protect themselves. The inherent benefit of DMARC is that it protects a domain’s outbound mail from being forged: if an attacker sends an email spoofing a third-party supplier’s domain, the supplier’s DMARC policy means that email wouldn’t end up in the inbox of the recipient at the public sector/enterprise organisation. Makes sense!
However, their attention doesn’t stop at the third party; they’re also looking at 4th and 5th parties for DMARC, because of where these attacks originate. If a spoofed email impersonating the 4th party is sent to the 3rd party and the 3rd party is compromised as a result, the attacker now has a trusted foothold and the risk to the public sector/enterprise organisation has significantly increased. Not only that, but the average time to detect and contain a supply chain related breach is 290 days[2].
Suppliers have a responsibility to protect their own business from attacks, and public sector/enterprise organisations are conscious that those suppliers are still businesses in their own right. What follows is usually a questionnaire, or some form of risk intelligence to understand where the risk lies …
Lack of proper security, especially in regard to DMARC (and by extension SPF and DKIM), could mean a termination of contract, or when the contract is due for renewal, the incumbent supplier is no longer considered. For suppliers hoping to win new business via tender contracts, they would very likely be out of the running in the early stages when their own security is not up to par.
I’m sure the above makes it clear, but as your clients’ MSP/MSSP/VAR, you have a responsibility to ensure your clients follow security best practices. Without these best practices, your clients are in a very real position of losing out on existing or new revenue streams. If a small organisation loses its one high-value customer, that could mean game over for them.
DMARC is the focus of these public sector/enterprise organisations, and they’re making sure their suppliers are at p=reject. But the DMARC journey isn’t simple. This is where Sendmarc comes in and can guarantee that your clients can get to p=reject within 90 days.
Want to find out how? Book in for a demo.
[1] Cyber Security Statistics: 2024 Trends and Data
[2] Cyber Security Statistics: 2024 Trends and Data