SYS-CON MEDIA Authors: PagerDuty Blog, Michael Jannery, Pat Romanski, Elizabeth White, Liz McMillan

News Feed Item

Agari Q1 Trustindex Reveals Health Care, Retail and Banks Lag behind Etailers and Social Media in Consumer Protection in Wake of Malware Onslaught

Agari, the leading provider of real-time, data-driven security solutions that detect and prevent advanced cyberthreats, today released its 2014 first quarter edition of the Agari Email TrustIndex.

The 2014 Q1 TrustIndex covers the period from January through March 2014 and identifies the sectors and companies that have the highest and lowest risk for dangerous emails, and the sectors and companies that are taking action to stop cybercriminals from reaching consumers.

“In Q1, criminals amplified their use of email to spread data-theft malware with a specific focus on massive blitzkrieg attacks. Q1 illustrated yet again that organizations who secure their email channel not only have more consumer trust, but also fewer fraud losses, less operational overhead and stay out of headline news stories about security breaches,” said Patrick Peterson, Founder and CEO of Agari. “Despite a widening array of incidents where brands who are suffering criminal abuse trick consumers into taking action that leads to malware infection, major industry sectors fail to prevent cyberattacks with the DMARC standard. The massive volume spikes in blitzkrieg-style email attacks necessitate a proactive, preventive solution.”

Phishing is undergoing a rapid and dramatic evolution

In Q1 2014, Agari saw a dramatic evolution in phishing, with CryptoLocker “ransomware” and GameOver Zeus data-theft malware driving large attacks. CryptoLocker encrypts the user’s hard drive until a $400 Bitcoin ransom payment is made, and GameOver Zeus is the latest data-theft malware. These attacks abuse a growing number of domains, with attacks typically spiking from thousands of malicious emails per day to millions as the criminals attempt to let loose the malware barrage before the security industry can respond. Unfortunately, too many companies fail to join their peers in taking advantage of the DMARC standard.

Notable highlights from the Agari TrustIndex Report:

  • Health Care continues to be the worst performer across all measures of the study and most susceptible to email attacks and cyber-fraud. Health care records are five times more vulnerable than credit card data, categorizing all but one health care company as Easy Targets.
  • Financial Services was broken down into Payments, Mega Banks, Large Banks and Retail Banks (Europe) in Q1.
    • Retail Banks: in Q1 the ThreatScore for the largest retail banks jumped 500%, primarily the result of two months of heavy spamming connected with two banks. This shows that criminals are constantly shifting their targets and the attack landscape is volatile.
  • Social Media has been a consistent winner in security, with sites such as Facebook and Twitter achieving a perfect TrustScore of 100. These two companies were among the seven companies, out of 133 who achieved a perfect TrustScore.
  • Retailers v. Etailers
    • Retailers are still one of the main targets of email attacks, yet the sector’s ThreatScore decreased by nearly 53% from Q4 to Q1, indicating that fraudsters are aiming for higher profile attacks.
    • Etailers remain leaders in email security, with companies such as Netflix, Amazon and Groupon maintaining perfect, or near-perfect, TrustScores. Retailers have a long way to go to catch up to the security practices of Etailers.

About the Agari TrustIndex

The Agari TrustIndex contains ratings developed by Agari that reflects how fully organizations have deployed three standards (SPF, DKIM, and DMARC) across their primary active domains. While all three standards are deployed "behind the scenes" and are not directly visible to consumers in most cases, by looking at TrustIndex scores you can get a simple, easy to understand rating of how well any given organization is protecting their customers from receiving malicious email under the guise of the organization's brand and domain name. It's important to note that the Agari TrustScore reflects that level of security deployed by the organization, and is not directly related to the ThreatScore, which is an indicator of how high a level of attack is directed at an organization. A company could have a very high TrustIndex score and still have a high ThreatScore as well, as even though they've deployed effective security the bad guys are still trying to break in.

The Q1 TrustIndex includes the following industry sectors:

Financial Services

  E-Commerce   Other
  • Payments
  • Mega Banks
  • Large Banks
  • Retail Banks - Europe
 
  • Etailers
  • Retailers
 
  • Logistics
  • Airlines
  • Travel
  • Social Media
  • Health Care

*In this study, Mega Banks are retail banks with more than $5B in annual revenue; Large Banks have more than $2B in annual revenue.

The latest copy of the Agari Email TrustIndex is available for download here.

RELATED LINKS AND CONVERSATIONS

About Agari

Agari collects terabytes of email data from email receivers like Gmail and Yahoo! representing 85% of the email inboxes in the U.S., to provide global brands with a cloud-based SaaS solution that eliminates email threats, protects customers and their personal data, and proactively guards brand reputation. Today, Agari has analyzed over a trillion emails, and has blocked over a 2.5 billion malicious messages at a clip of over 200 per second. Founded by the thought leaders behind Cisco’s IronPort solutions, Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor, is headquartered in Silicon Valley. Learn more at http://www.agari.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Want to enable self-service provisioning of application environments in minutes that mirror production? Can you automatically provide rich data with code-level detail back to the developers when issues occur in production? In his session at DevOps Summit, David Tesar, Microsoft Technical Evangelist on Microsoft Azure and DevOps, will discuss how to accomplish this and more utilizing technologies such as Microsoft Azure, Visual Studio online, and Application Insights in this demo-heavy session.
Entuity®, a provider of enterprise-class network management solutions, today announced that it solidifies its position as a market leader through global enterprise customer acquisitions and a refined channel strategy. In 2014, Entuity increased new license revenues in EMEA by over 75 percent, and LATAM by over 125 percent as customers embraced Entuity for its highly automated solution and unified architecture. Entuity’s refined channel strategy focuses on even deeper strategic alignment with ke...
We are all here because we are sold on the transformative promise of The Cloud. But what good is all of this ephemeral, on-demand infrastructure if your usage doesn't actually improve the agility and speed of your business? How must Operations adapt in order to avoid stifling your Cloud initiative? In his session at DevOps Summit, Damon Edwards, co-founder and managing partner of the DTO Solutions, will highlight the successful organizational, process, and tooling patterns of high-performing c...
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
“We help people build clusters, in the classical sense of the cluster. We help people put a full stack on top of every single one of those machines. We do the full bare metal install," explained Greg Bruno, Vice President of Engineering and co-founder of StackIQ, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
In this demo at 15th Cloud Expo, John Meza, Product Engineer at Esri, showed how Esri products hook into Hadoop cluster to allow you to do spatial analysis on the spatial data within your cluster, and he demonstrated rendering from a data center with ArcGIS Pro, a new product that has a brand new rendering engine.
"Blue Box has been around for 10-11 years, and last year we launched Blue Box Cloud. We like the term 'Private Cloud as a Service' because we think that embodies what we are launching as a product - it's a managed hosted private cloud," explained Giles Frith, Vice President of Customer Operations at Blue Box, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
CloudBees, Inc., has announced a $23.5 million financing round, led by longtime CloudBees investor Lightspeed Venture Partners. Existing investors Matrix Partners, Verizon Ventures and Blue Cloud Ventures also participated in the round. The latest funding announcement follows earlier rounds of $4 million, $10.5 million and $10.8 million, bringing the total investment in CloudBees to just under $50 million since the company’s inception in 2010. Previous venture investment rounds were led by Ma...
“We are strong believers in the DevOps movement and our staff has been doing DevOps for large enterprise environments for a number of years. The solution that we build is intended to allow DevOps teams to do security at the speed of DevOps," explained Justin Lundy, Founder & CTO of Evident.io, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by minin...
The move in recent years to cloud computing services and architectures has added significant pace to the application development and deployment environment. When enterprise IT can spin up large computing instances in just minutes, developers can also design and deploy in small time frames that were unimaginable a few years ago. The consequent move toward lean, agile, and fast development leads to the need for the development and operations sides to work very closely together. Thus, DevOps become...
Puppet Labs on Wednesday released the DevOps Salary Report, based on salary data gathered from Puppet Labs' industry-recognized State of DevOps Report. The data confirms that market demand for DevOps skills is growing, and that DevOps engineers are among the highest paid IT practitioners today. That's because IT organizations today are grappling with how to be more agile and responsive to the business, while maintaining the stability of their infrastructure. DevOps practices, such as continuous ...