82% of unis at high risk of email phishing: Proofpoint

More than four in five (82%) of Australia’s higher education institutions are at elevated risk of email-based phishing attacks, Proofpoint has asserted.

The cybersecurity company said it has conducted a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of 132 of Australia’s public and private universities and other higher education institutions.

The analysis found that 82% of these institutions have not implemented the recommended strictest level of DMARC protection, with 24% having no DMARC record at all.

A plurality of 42% institutions only have DMARC – Monitor in place, which does not change how inboxes receive emails but allows senders to collect information about their email sources. A further 16% have DMARC – Quarantine, which directs unqualified emails to go to the recipient’s junk or spam folder.

Steve Moros, Proofpoint’s Senior Director, Advanced Technology Group, Asia Pacific and Japan, said the findings are concerning in light of the recent ACCC report finding that Australians lost almost $80 million to email-based attacks in 2023, and that email is the second most popular delivery method for scams targeting Australians behind text messages.

“No matter their size, popularity or financial standing, universities and higher education institutions remain an attractive target for cybercriminals due to the large and diverse amount of data they store. They also hold some of the most valuable data in the country, which can be attractive to cybercriminals for a range of reasons,” he said.

“Implementing email authentication protocols such as DMARC provides a crucial line of defence to strengthen protection against email scams and ensure the safety of students, staff, and other employees and stakeholders from harmful cyber threats.”

Image credit: iStock.com/monkeybusinessimages