Democratizing Data & Harnessing it for Email Security

Big data is a field that has been talked about and highlighted as a key focus in regards to  technology advancement for decades, with the term originally being coined in the 90s

Many organizations, however, are still struggling to extract value and insights from the vast volumes of data being generated via emails, apps, sensors and other corporate data sources. Prior to founding Red Sift in London in 2015, our team had a history of working with big data and creating software that delivered effective technologies to consumers. So when we began to look at how we could democratize data to help companies harness it in a way that made a real difference to them, we knew we had to start by building a serverless, data-driven platform.

Upon finishing the platform, we needed to provide a proof of concept, so we looked to one of the biggest data challenges of our time: cybersecurity. Specifically, email security, given that we get so much data from our emails. Another key factor in our strategy was the fact that phishing continued, and still continues to be a persistent threat to companies’ money, data and operational systems. In fact, 90 percent of cyber attacks start with phishing emails, a statistic that should be much lower given that the DMARC protocol was proposed in January of 2012, and mandated by the Department of Homeland Security (DHS) in 2018.

For context, Domain-based Message Authentication, Reporting and Conformance (DMARC) is a globally recognized email standard that makes it easier to determine whether an email is from a legitimate sender. Despite the fact that the protocol was developed eight years ago and mandated by the DHS two years ago, the adopted levels of DMARC protection are worryingly low.

So we created OnDMARC, which eradicates the threat of phishing attacks stemming from email impersonation, ensuring emails being sent from a specific domain address cannot be spoofed and are in fact legitimate. OnDMARC is complemented by OnINBOX, which uses machine learning to protect against additional email threat vectors. It serves as a personal security check for every email through a simple, traffic light warning system at the top of every email telling users where their emails are from and whether they can be trusted. 

In 2019 we ran two email security-focused reports analyzing the education and retail sectors. The education report showed that of the 200 universities we surveyed, 116 did not have a valid DMARC record in place. Seventy-eight schools only had the protocol deployed in reporting mode meaning phishing emails could still find their way to the inbox. This left only six schools that actually had their DMARC deployed in protection mode – the only way to authenticate and block suspicious mail. The retail report, which looked at the top U.S. retailers in the lead up to Black Friday and Cyber Monday, showed that only 12.5 percent of top U.S. retailers were protecting customers from email fraud. 

While it’s all well and good mandating something, our research has shown that implementing it is another matter. DMARC itself is a free, open standard. Theoretically, people should be able to implement this themselves, so why do we exist? Well, there are a couple of main stumbling blocks that our data computation technology helps organizations to navigate. 

Firstly, deploying DMARC can lead to information overload and computing power is the only way to get insight from the complex and numerous DMARC XML reports that an organization will receive on a daily basis. Trying to do this manually is a near impossible task. It’s in the harnessing of computing – not consultant – power that has allowed organizations to get to full protection quickly, with no professional services at all, such as one of our magic circle law firm customers who got to “p=reject” in just 6 weeks. 

Secondly, putting DMARC into full protection mode can be a scary prospect – put a foot wrong and you can accidentally block legitimate emails. This is why an intelligent DMARC solution that analyzes data to provide a personalized, guided journey to full protection is a must have. Furthermore, when you secure your emails with DMARC, deliverability rates improve! Given the sheer number of emails the average person receives on a daily basis, inboxes have become, quite rightly, more choosy about who they let in. If they can’t verify that it’s genuinely you, they are more likely to put you in the junk folder. Numed, a medical device distributor working with the NHS and private practices in the UK, saw a huge jump in deliverability post implementation with OnDMARC from 50 to 98 percent and Transferwise increased their average monthly email deliverability rate from approximately 90 percent of emails to 99 percent, equating to around 450,000 additional emails making it into customers’ inboxes.

Our recent $8.8M funding round is a testament to both the platform we have created, as well as the industry’s backing in our mission to democratize data and allow companies to harness that data to solve the issues facing today’s organizations.  

About the Author

Rahul Powar is founder and CEO of Red Sift. Red Sift is a data-driven cybersecurity business that uses machine learning to help organizations of all sizes and sectors address day-to-day security challenges. It offers a dashboard of tools that analyze and synthesize data from core business processes – such as email – to help users to better manage their online security. Red Sift’s mission is to democratize the technology essential for cybersecurity. Find out more:

Featured image: ©SasinParaksa