Similar to a credit score, the TrustIndex is a composite score on a scale of 1, lowest level of security, to 1000, the highest level of security. Criteria include consistency of brand authenticity and adoption of DMARC, an industry standard that defines a security framework for email senders and receivers.
The first TrustIndex examined four vertical industries threatened by email attack — Social Media, Financial Services, Internet Retail, and Online Travel — and rates Online Travel and Internet Retail as least trusted and most vulnerable to email attack.
Key findings by industry:
Social media, a favorite target of cyber criminals, scored the highest on the Email TrustIndex. A secure email channel is critical to achieving and sustaining viral adoption so it is not surprising that social media companies would be the leaders in taking on cyber criminals and finding new ways to secure their email channel. Further, as more businesses, including small and medium sized businesses, use social media to grow their businesses and introduce new marketing approaches, there will be continued focus on maintaining high security levels
Financial services, coming in as a close second to Social Media, has been working across the industry to combat cyber crime to protect their customers and reputations. In fact, leading sinancial services organizations FS-ISAC and BITS took the dramatic step earlier this year of adopting the Email Trusted Registry and partnering with technology firms such as Agari to aid its members in securing their email channels. Clearly, these efforts are paying off.
Internet retail scored much lower on the TrustIndex when compared to Social Media and Financial Services, putting these firms at high risk of an attack. According to a recent IDC report, “Ten years ago, government, financial services, and very large enterprises were the target of cybercriminal activity, but over the past five years, attacks have enlarged their scope to even commercial SMBs offering high-value targets (e.g., financial information, intellectual property, and other proprietary data).” Cyber criminals are shifting away from their traditional targets of government, financial services and very large enterprises to commercial SMBs. In time, there will be broader adoption of security standards as this emerging industry matures and implements new technologies.
Online travel scored the lowest on the TrustIndex with a score less than half the score of Social Media, which is alarming given the surge in phishing attacks over the past six months that have included Southwest Airlines, Delta Airlines, American Airlines and a Brazilian Airlines, TAM, to name a few. Consumer trust in email messages and willingness to purchase online will be impacted. According to a recent Gartner report, “40% of U.S. consumers have altered their online behavior due to safety concerns, which has reduced their level of trust in email messaging and online shopping.” Financial Services firms could serve as a model for how the online travel and airline industry could collectively take action against phishing and other cyber scams.
“Our members comprise some of the world’s largest and most prestigious financial firms. By coming together through FS-ISAC and BITS, our industry has been able to put into place successful protections against cyber criminal attacks. By working together to promote technologies such as DMARC and the Trusted Registry, the financial services sector is advancing its objective to keep our customers and our brands safe,” said Eric Guerrino, Executive Vice President, FS-ISAC.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.