No question about it, ransomware is on the rise, and the majority of enterprises remain vulnerable to inbound phish emails, which are often the originators of ransomware attacks.

One recent ransomware outbreak, Petya, appears to have originated in Ukraine. Like WannaCry before it, once it has infected a computer it attempts to spread through local area networks. But according to the Romanian national CERT (Computer Emergency Readiness Team), Petya’s initial point of entry is often a phishing email that contains a Trojan-horse document which, if opened, will infect the target computer. “Initial infection of systems is achieved through documents attached to phishing email messages that users are urged to open,” according to the Romanian publication Business Review.

Petya has wreaked havoc at global advertising firm WPP as well as Saint-Gobain in France and Evraz and Rosneft in Russia. Similarly, last month, WannaCry shut down computers at the U.K. National Health Service, Deutsche Bahn, FedEx, and many more. When WannaCry broke out, the U.S. Computer Emergency Readiness Team recommended setting up strong spam filters and email authentication in order to prevent phish from reaching end users (along with updating and patching Windows OS, naturally). Similarly, we now see security companies such as Mimecast advising clients to protect their email systems in order to better defend against Petya.

Phishing — again and again

Petya and WannaCry are not unique: analysis of cyberattacks suggests that 91 percent of all cyberattacks start with phish. This keeps happening because, while technical solutions are available to curtail phishing attacks, they are complex and opaque, which means most companies have challenges implementing them fully.

Take, for instance, a phishing campaign directed at DocuSign users that was revealed earlier this summer. These phishing attacks, DocuSign revealed, made use of a list of up to 100 million customer names and emails that hackers had managed to exfiltrate from DocuSign’s servers. DocuSign was careful to note that its core e-signature service hadn’t been compromised, and that the only thing the hackers got were names and emails. However, using that email list the hackers crafted a tricky phishing campaign aimed at DocuSign’s customers. Emails looked like a request to sign a DocuSign document, but actually contained a nasty payload: a Word document with macros in it that, if run, would download additional malicious content from the web. (DocuSign has posted technical details of the attack in a PDF.)

To its credit, DocuSign has responded publicly and transparently. The company outlines some things to watch for that could indicate malicious emails:

“They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.”

Further down that page, the company advises, “Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.”

And here’s where things go wrong

DocuSign’s recommendation to only trust emails from docusign.net and docusign.com may lead to additional security issues, because it only makes sense if email from those domains is trustworthy. And while the docusign.net domain has been “locked down” with email authentication (properly configured and set to enforcement), docusign.com has not: its email authentication has been set up but is not configured to reject non-authenticating messages (see ValiMail’s domain checker for the DMARC status of docusign.com). That means that attackers can still send email with docusign.com in the “From” address, and have reasonable confidence that their messages will reach their targets’ inboxes.

This is a common mistake among companies responding to cyberattacks: they warn customers about the compromise that has just happened, but don’t lock down their domains to ensure that only authenticated senders can use the company’s domain name in email messages. As a result, hackers can extend the initial attack by sending an email to customers that appears to come from the hacked company and looks like an apology or security warning from the company’s CEO, but which actually contains a link to a malicious website.

The takeaway

Even companies that know about email authentication struggle to implement it completely. In fact, ValiMail has found that about 75 percent of all companies attempting DMARC authentication don’t get it implemented correctly or fail to get to a “reject” policy. It’s not for lack of trying. In the era of cloud-based everything, there are thousands of services that send email on behalf of companies. Managing email authentication today requires deep understanding and automated control of the global email ecosystem.

Email authentication is not a silver bullet against all phishing attacks, but it is one of the few security technologies that is proven to be 100% effective against attacks that directly spoof your brand — protecting your executives, employees, and consumers globally. When coupled with additional service layers, authentication can also mitigate shadow email services and improve deliverability. And since so many cyberattacks start with phish, it’s a good place to start building your defenses.
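The distinction the post draws between a domain that is “set up” for DMARC and one that is actually at enforcement comes down to a few tags in the `_dmarc` TXT record: `p=none` only asks receivers for reports, while `p=quarantine` or `p=reject` tells them to act on failures, and `pct` or `sp=none` can quietly leave part of that protection switched off. The following Python script is an added example written for this post; it is not ValiMail’s domain checker or any DocuSign tooling. It parses DMARC records and classifies each one by enforcement level so a defender can audit their own domains before telling customers to trust mail from them. Every domain name and record in it is a constructed sample under the reserved `.test` TLD, not real DNS data.

```python
"""Classify DMARC records by enforcement level.

Added example for this post; it is not ValiMail's domain checker nor any
DocuSign tooling. All domain names and TXT records below are constructed
samples (.test TLD), not real DNS data.
"""

# Constructed sample records: the string a resolver would return for the
# _dmarc.<domain> TXT lookup, or None when no record is published.
SAMPLE_RECORDS = {
    "enforced.test": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.test",
    "monitor.test": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.test",
    "partial.test": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "missing.test": None,
    "broken.test": "v=DMARC1 p=reject",  # tags must be ';'-separated
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict.

    Returns None when the text is not a well-formed DMARC record
    (no 'v=DMARC1' tag, or a segment without '=').
    """
    tags = {}
    for segment in record.split(";"):
        segment = segment.strip()
        if not segment:
            continue  # tolerate a trailing ';'
        if "=" not in segment:
            return None
        key, value = segment.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def enforcement_status(record):
    """Map one record (or None) to a status string.

    'missing'  - no record published; receivers apply no DMARC policy
    'invalid'  - record exists but cannot be parsed or has a bad 'p' tag
    'monitor'  - p=none: reports only, spoofed mail is still delivered
    'partial'  - enforcing policy, but pct<100 or subdomains left at sp=none
    'enforced' - p=quarantine or p=reject applied to 100% of mail
    """
    if record is None:
        return "missing"
    tags = parse_dmarc(record)
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    if policy == "none":
        return "monitor"
    try:
        pct = int(tags.get("pct", "100"))  # RFC 7489 default: 100
    except ValueError:
        return "invalid"
    subdomain_policy = tags.get("sp", policy).lower()  # sp defaults to p
    if pct < 100 or subdomain_policy == "none":
        return "partial"
    return "enforced"


def audit(records):
    """Return {domain: status} for a mapping of domain -> TXT record (or None)."""
    return {domain: enforcement_status(rec) for domain, rec in records.items()}


def not_at_enforcement(records):
    """Domains whose DMARC policy alone would not stop a forged 'From' domain,
    i.e. every status short of 'enforced'. These are the ones to fix before
    telling customers "only trust mail from our domain"."""
    return sorted(d for d, s in audit(records).items() if s != "enforced")


if __name__ == "__main__":
    for domain, status in audit(SAMPLE_RECORDS).items():
        print(f"{domain:15} {status}")
    print("not at enforcement:", ", ".join(not_at_enforcement(SAMPLE_RECORDS)))
```

In the constructed set, only `enforced.test` would make the post’s advice safe to give; `monitor.test` is the `p=none` state described for docusign.com (the record exists, reports flow, but spoofed mail is still delivered), and `partial.test` shows two less obvious gaps, a `pct` below 100 and an explicit `sp=none` that leaves subdomains unprotected. To run this against live domains, replace `SAMPLE_RECORDS` with the result of a TXT lookup on `_dmarc.<domain>` using the DNS library of your choice.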