Global airline companies are on the verge of falling victim to brand phishing and other email fraud because they lack adequate email security measures. Recent security research analyzed 296 member airlines of the International Air Transport Association (IATA).
Out of these, 61% of airline companies were found vulnerable to email fraud. They did not have a published DMARC (Domain-based Message Authentication, Reporting & Conformance) record. This not only made them potential victims of email spoofing but also left their customers at risk of email scams and other cyber frauds.
The member airlines of IATA account for around 82% of total air traffic. The analysis showed that the majority of airlines are putting their customers’ information at risk in various regions across the globe.
- 85% of the airline firms in China and North Asia lack a published DMARC policy.
- The Asia Pacific has 70% of airline organizations with no DMARC policy.
- This security failure is followed by Europe and the Middle East & Africa at 57%, and the United States at 43%.
Cybercriminals are already leveraging the current pandemic situation to launch more sophisticated cyber attacks. With these percentages, the situation will only get worse if adequate email security measures are not implemented as soon as possible.
Cyber Attacks in the Airlines Industry
Email is the prime source of communication between airlines and their customers. Customers rely heavily on it to decide whether to book new flights and to get updates on flight cancellations. They entrust data such as passport numbers and credit card information to airlines while booking flights.
Imagine how much sensitive data could be breached when the prime source of communication remains insecure! This is why cyber attackers see this industry as a gold mine and look for exploitable vulnerabilities to dig out such sensitive information.
Here are the staggering statistics on the impact of cyber attacks and data breaches on airlines across the globe:
- In May 2020, EasyJet confirmed that the email addresses and travel details of nearly 9 million global customers were accessed in a sophisticated cyber attack. Of these, the credit card and debit card details of 2,208 customers were accessed.
- In October 2019, Cathay Pacific Airways revealed that the personal information of 9.4 million customers was breached.
- In 2019, British Airways suffered two data breaches. The data of 380,000 passengers was compromised in the first breach and a month later, the data of 185,000 more customers was breached.
- Even back in 2018, the data of 500,000 British Airways customers was compromised, including the bank card information of passengers. The airline was later charged with a fine of £183 million.
If cyber attacks were not reason enough to worry, the latest security research highlighted the following failures of email security:
- 7 in 10 airlines are leaving their customers vulnerable to fraudulent emails.
- 35 out of 61 airlines in the Middle East and Africa do not have a DMARC policy published.
- 57 out of 61 airlines in the Middle East and Africa do not have the recommended implementation of the protocol. (Source: CISO MAG)
Why is DMARC Highly Recommended for Email Security in Organisations?
Currently, 93% of airlines in Europe and the Middle East & Africa have not implemented the strictest and most recommended DMARC policy. That policy, “Reject”, blocks fraudulent emails from reaching recipients. Without proper email security, organizations are putting at risk not only their brand image but also the personal information of their customers.
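The difference between "no published record", a monitoring-only policy and "Reject" can be checked mechanically from the TXT strings published at _dmarc.<domain>. The Python example below is added here for illustration and is not code from the research or from any DMARC product; the function names, the .example domains and all sample records are constructed, and the DNS lookup itself is assumed to have been done already.

```python
# Added example: audit published DMARC records. All domains and records are constructed.
from collections import Counter

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the tag dict of one TXT string, or None if it is not a DMARC record."""
    tags, order = {}, []
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None
        name = name.strip().lower()
        order.append(name)
        tags.setdefault(name, value.strip())
    # RFC 7489: "v" must be the first tag and its value exactly "DMARC1"
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        return None
    return tags

def classify(txt_records):
    """Classify the TXT answers returned for _dmarc.<domain>."""
    found = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not found:
        return "no-record"
    if len(found) > 1:
        return "invalid-multiple"   # receivers apply no DMARC processing here
    policy = found[0].get("p", "").lower()
    if policy not in POLICIES:
        return "invalid-policy"
    pct = found[0].get("pct", "100")
    partial = pct.isdigit() and int(pct) < 100
    return policy + "-partial" if partial and policy != "none" else policy

def summarize(zone):
    """Count classifications over {domain: [TXT strings at _dmarc.<domain>]}."""
    return Counter(classify(records) for records in zone.values())

SAMPLE = {  # constructed data, not survey results
    "air-one.example": [],
    "air-two.example": ["v=spf1 -all"],
    "air-three.example": ["v=DMARC1; p=none; rua=mailto:reports@air-three.example"],
    "air-four.example": ["v=DMARC1; p=quarantine; pct=25"],
    "air-five.example": ["v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(f"{domain:20} {classify(records)}")
```

Only a result of "reject" corresponds to the strictest policy described above; "none" means a record is published but spoofed mail is still delivered, and a "-partial" suffix means the policy applies to only a percentage of failing messages.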
Given these disturbing statistics and poor security practices, it can be concluded that the airline industry is one of the most vulnerable industries today. This industry holds a majority of the contribution to a nation’s economy, which puts it on the list of top targets for cybercriminals.
CIOs should consider implementing robust email security defenses as the top priority in their organizations. They must begin investing in tools that help in configuring and managing DMARC protection to prevent email-based cyber attacks. DMARC secures the organization against email spoofing and other misuses of corporate domains.
DMARC deployment tools like KDMARC help organizations implement the right policies and defend their email domains against forgery. TDMARC is an email authentication and anti-spoofing solution that helps organizations secure and enhance their outbound mail flow. It allows organizations to trust their mailbox by preventing brand abuse and boosting email deliverability and email engagement rate.
The benefits of choosing KDMARC:
- Reduces the risk of email-based cyber attacks
- Shields email domains from being exploited by threat actors
- Identifies all the top sources abusing your domain
- Protects brand reputation, customer base, and business
- Improves email deliverability and boosts engagement rate
- Gives full insight into email channels including third party emails and abuse