New York, NY, November 30, 2016 – The Global Cyber Alliance, an international non-profit organization focused on addressing systemic cyber risks, announces the release of its first project to fight phishing: a tool to make implementation of DMARC easier. The tool, available at https://dmarc.globalcyberalliance.org/ is easy to use and available for anyone to use, free of charge. DMARC (Domain-based Message Authentication Reporting & Compliance) provides brand protection, inbox protection and greater visibility into some of the threats organizations face.
DMARC was developed as a collaborative effort to combat fraudulent email by authenticating the sender of an email. Through the DMARC authentication process, brands are protected against their domains being used for phishing which can lead to identity theft, delivery of malware, and erosion of trust by customers. It can also be used to prevent massive abuse of an email domain to effectively perpetrate a DoS (denial of service) attack, crippling the ability of a company to communicate.
“Adoption of DMARC is one of the ways organizations can protect themselves and their clients by filtering out a lot of the bothersome and dangerous emails,” said Philip Reitinger, President and CEO of the Global Cyber Alliance. “Fraudulent email remains one of top systemic cyber risks and is a primary vector for the delivery of many threats such as phishing, malware, ransomware and “CEO” scams that can lead to major financial loss. Email filtering through the use of DMARC can significantly reduce the ability for an organization’s email to be used to perpetrate these crimes. The DMARC tool we’ve created walks people through each step of the implementation process to ensure proper set-up of the protocol. It’s a simple tool that provides tremendous protection. Every CEO, CFO and CMO should be talking to their security department about getting this protection in place immediately.”
In a GCA survey of the top 100 global companies (ranked by current market capitalization) it was determined that 87% either do not have a DMARC policy in place (62%) or if they do have a policy in place, it is set to “none” (25%) which will not prevent spoofed or fraudulent email from delivery to the user’s Inbox.
Aetna, a GCA partner, implemented a trusted email program based on the DMARC standard in early 2015. With careful planning to include all third parties sending email on behalf of the company, Aetna achieved great success with the program. Aetna email subscribers do not receive SPAM or illegitimate email – including phishing attempts – from any email address associated with Aetna. The program prevents approximately 60 million fraudulent email messages from being delivered. Additionally, Aetna has built greater trust with its email subscribers, realizing a 10% improvement on email click-through rates each year.
Another healthcare company working with GCA found that 0.5% of email messages were identified as false after moving to “quarantine” messages that fail DMARC checks. According to GCA calculations, if 0.5% percentage of emails are identified as false were the average, and DMARC was globally deployed, it would block over 500 million spoofed email messages every day.
“Phishing poses a greater threat to organizations and individuals every day. Corporations and governments are recognizing that when correctly deployed, DMARC is a highly effective, relatively low-cost means of protection,” said Steve Jones, Executive Director of DMARC.org. “The more domain owners who implement DMARC policies, the more the entire ecosystem benefits. More consumers and employees are protected, overall risk is reduced, and confidence in email is rebuilt. And the new tools from GCA are a great way to help start that process.”
“Empowering organizations, small and large, to defend against phishing attacks is just as important as prosecuting the bad actors responsible,” said Manhattan District Attorney Cyrus R. Vance, Jr. “Phishing attacks are the leading cause of economic damages related to cyber breaches today. I thank our Global Cyber Alliance partners for developing the solution deployed in this tool, which will help businesses and organizations of all sizes implement proven approaches to reducing cyber vulnerability.”
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.
GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.