Securing Business Emails from Attacks
ReBIT’s Workshop on Best Practices in Email Security and DMARC
Date : 13 December 2018
Rapporteur: M.D.S.PRABU, Manager – Content Writer, ReBIT
“Appropriate tools and technologies help in protecting against the adversaries targeting email security,” commented Mr Vivek Srivastav, SVP, ReBIT. He was addressing professionals from the banking information security community who were participating at ReBIT’s workshop on best practices of email security and Domain Message Authentication Reporting & Conformance (DMARC) protocol, held on December 13, 2018 at One IndiaBulls Centre, Mumbai. He urged the participants to strive for 100% DMARC implementation and benefit from the experience and expertise of the guest speakers present at the event.
Mr AG Giridharan, AGM, Department of Banking Supervision (DBS), RBI, gave the keynote address. He stressed on the significance of having robust email security practices in organisations. He called upon technology companies to guide banks and financial institutions to adopt and benefit from DMARC technology. Mr Giridharan also advised the banks to analyse artefacts of phishing or other email attacks, so that the security of the email systems could be improved, subsequently.
Mr Prashant Lotlikar, Sr. System Engineering Manager, Research and Innovation team, ReBIT and Mr Arun Ramakrishnan, Manager- Information Security Awareness, Cyber Security, ReBIT presented an overview of the functioning of DMARC. Their presentation also witnessed the launch of ReBIT’s DMARC Analyzer tool. The participants were able to key in their official email IDs in the tool and obtain the live reports of their organisation’s DMARC status on their mobile phones. They also explained the process of DMARC implementation and quoted some of the recent phishing and spoofing attacks on the email IDs of senior business leaders and celebrities in India.
Mr Dhaval Kamani, Senior Vice President, Yes Bank shared their journey towards adopting DMARC. He highlighted the efforts to sensitise vendors and partners, through workshops and the internal training programs. He also explained how the IT processes were set to alert changes in third party email ecosystem, the specific DMARC process for active and passive domains, and the mandatory DMARC readiness forms to be completed by their new vendors.
Mr Bhavin Bhansali, Founder & CEO, ProgIST Solutions, explained some of the common issues and best practices in DMARC implementation. He also narrated the cases of email phishing and spoofing attacks of few BFSI and non-BFSI organisations, and revealed how they were able to generate return on investment, by implementing DMARC.
Mr Amol Mujumdar, Sr Director, Technology, Rediffmail emphasized that emails serve as authentic documents and documentary proofs in courts of law. He pointed the fact that cyber criminals are finding emails to be an easy target to attack and it severely impacts the organization’s market capital and brand.
Email gateway experts from CISCO and Trend Micro demonstrated the configurations in their product to leverage DMARC towards strengthening the email security in the participating banks. Besides, they also conducted a walkthrough session of their latest products and answered technical questions from the participating banks. They highlighted the importance of knowing global intelligence in email security practices.