An analysis from enterprise security firm Proofpoint highlighted that majority of airlines are exposing their customers to cyber risks, as cybercriminals are leveraging the global pandemic to deploy email frauds and phishing attacks. In a blogpost, Proofpoint revealed that 61% of airlines under the International Air Transport Association (IATA) do not have an active Domain-based Message Authentication, Reporting & Conformance (DMARC) record. IATA member airlines represent 82% of total air traffic.
Alarmingly, 93% of the global airlines have not implemented the recommended level of DMARC protection, known as Reject, which prevents dodgy emails from reaching users. And only 7% of airlines are proactively blocking fraudulent emails from reaching their customers’ inboxes.
What is DMARC?
DMARC is an email validation protocol intended to shield domain names from being exploited by threat actors. It authenticates the email sender before it reaches the receiver’s inbox. The protocol also verifies the domain of the sender as per the DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.
“At a time when opportunistic cybercriminals may look to take advantage of such global uncertainty, the majority of international airlines are leaving their customers exposed to email fraud. making them potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting consumers,” Proofpoint said.
A Global Threat
Proofpoint stated that popular global airlines are failing to implement adequate email security measures, leaving themselves vulnerable to brand phishing and other fraud attacks. China and North Asia has the lowest level of DMARC adoption, with 85% having no published DMARC policy. This is followed by Asia Pacific (70%), Europe and Middle East & Africa (both regions at 57%) and the Americas (43%).
“When it comes to proactively protecting their customers against email fraud, China & North Asia fares the worst with 100% of its carriers not having the strictest DMARC policy in place (Reject). This is followed by Europe and the Middle East & Africa (both regions at 93%), and APAC and the Americas (both at 89%),” Proofpoint said.
“It is critically important that the communication methods used by airlines and every other industry is secure. We recommend implementing robust email defences and inbound threat blocking capabilities, including deploying DMARC email authentication protocols,” Proofpoint added.
Cyberattacks on Airlines
Keeping the growing cyberattacks on the Aviation industry in mind, ResearchAndMarkets.com released a report titled “Aviation Cybersecurity Market – Growth, Trends, and Forecast (2019 – 2024).” According to the report, the aviation cybersecurity market is expected to register a CAGR of around 11% during the forecast period of 2019-2024.
The industry relies heavily on IT infrastructure for its ground and flight operations. The security of these airline systems directly impacts the operational safety and efficiency of the industry, and indirectly impacts the service, reputation, and financial health. The report discusses cybersecurity in the aviation sector by solution and application spanning from airline management, air cargo management, air traffic control management, and airport management.