KUALA LUMPUR: The majority of top firms in Malaysia are leaving their customers, staff and stakeholders exposed to email fraud and email-based attacks, according to United States-based cybersecurity and compliance company, Proofpoint, Inc.

In its analysis, the company found only 11 per cent of Malaysian companies featured in the Fortune Southeast Asia 500 have implemented the recommended and most stringent level of email authentication.

This authentication prevents cyber criminals from spoofing organisations' identities, thus reducing the risk of email fraud, said Proofpoint in a statement today.

Proofpoint head of systems engineering, Southeast Asia and South Korea, Philip Sow said email continues to be the number one vector for cybercriminals.

"As we approach the year-end shopping and holiday planning season, top Southeast Asian companies are leaving their customers vulnerable to email fraud and email-based attacks," he said.

Sow added that the lack of protection against phishing in Southeast Asia is particularly alarming and lags well behind other regions.

Therefore, it is essential for reputable brands to implement the most widely accepted email authentication protocol, called Domain-based Message Authentication, Reporting and Conformance (DMARC), to defend against domain impersonation and ensure spoofed emails do not reach their targets, he highlighted.

DMARC protects domain names from being misused by malicious actors by authenticating the sender's identity before allowing an email to reach its intended destination.

This authentication system detects and prevents domain spoofing, which is an email phishing technique used for business email compromise (BEC) and other email-based attacks.

Proofpoint's research also showed that of all the organisations in Malaysia that have some form of DMARC policy in place, 68 per cent opt to implement DMARC on their own without expert assistance, which carries the risk of an improper DMARC implementation.

It noted that while 83 per cent of Malaysian companies on the Fortune Southeast Asia 500 list have some form of DMARC adoption in place, only 11 per cent have a DMARC policy of "reject", the strictest recommended level, which blocks unqualified emails from getting to the recipient.

It noted that Singapore (28 per cent) has the highest adoption rate for the strictest recommended level of email authentication, while the Philippines stands at 11 per cent, Thailand at 10 per cent and Indonesia at 10 per cent.

-- BERNAMA