At the centre of it all was email. Quickly identified as the culprit that allows cyber criminals to gain access to computers, it is up there alongside unpatched computers, as the number one villain in this latest cyber crime story. Thousands of companies are believed to have been infected by the latest ransomware attack called "Wannacry" including the UK's treasured National Health System. Having files lost to cybercriminals is one thing. To have operations cancelled, discharges delayed and the risk of patient records being lost is quite another.
Nobody knows for sure how the NHS systems came to be infected, but it's very likely that someone or several people opened a phishing email and either clicked on a link or, more likely, opened a document that exploited an unpatched system to freeze computer screens. Pay a ransom or your encrypted files will be lost forever, the threat then demands. For those without back-ups, it's a horrible choice to have to make.
It will also do email no good whatsoever. It's already the ocean that phishers operate in daily with ever-improving attempts to get us to sign in or download a document that will either steal our information and passwords or hold our treasured documents to ransom.
This means that far more must be done among businesses in educating staff not to click on links or open attachments that are from someone they don't know, or are unsolicited from someone they do know.
The latter point begs the question of why more organisations don't use Domain Message Authentication Reporting Conformance (DMARC). In the simplest terms, this is a means for an email sending server to show that it belongs to the organisation the message purports to come from.
For any business involved in email communication or marketing of any kind with staff, customers and suppliers, it's a win-win. Being able to show the ISP that an email is going to be delivered through your official domain not only improves deliverability rates, it can send poor-quality phishing attacks straight to the spam folder. In many cases, a criminal may be using computer software to send out many thousands of phishing emails. These will typically claim to be from someone else and may even try to impersonate a legitimate sender. With DMARC, however, the technology can see it is a spoof email and trash it.
It's not flawless -- and needs more ISPs to sign up to the technology to provide improved security -- but of all the available means to provide far better security at low cost and time commitment, DMARC has to be up there as the biggest no-brainer.
Remember, if your company domain is used for any type of email marketing, then it will help pick you out as a good guy who is trying to do their best to assure customers they can open your messages. That's good for deliverability and for brand image.
It's also good for the reputation of email marketing as a whole. There are many in digital marketing who will point to a lack of security in email that means it can't be trusted as much as their channel of choice. Let's face it -- they have a point. I simply don't trust anything with the BT logo on it anymore because phishers are daily trying to get me to click and sign into my account so they have my details.
The persistence of phishers means that email faces a stark choice. Make DMARC a de facto standard or accept continued accusations that the industry is doing nothing about the main route phishers use to ply their evil trade.
It's no real choice at all, really. Is it?