By Mary Kavaney
Last week, alarming statistics were published on the lack of DMARC implementation in the financial sector. While the top 5 banks in the United States have implemented DMARC to protect their organizations and customers, the rest of the research results were not so good. Out of the top 50 banks in the U.S., only 11 use DMARC; out of the top 50 European banks, only 9 utilize the benefits of DMARC; and of the top 50 independent banks in the U.S., none use DMARC!
I have listened to the reasons why organizations have not implemented DMARC: it will prevent valid email from getting through; it’s too complicated and will take too long; they don’t have enough resources. I know; I know all the challenges…but they can be overcome! In the meantime, all sectors are getting hammered, especially finance. In fact, the FS-ISAC feels so strongly about the importance of implementing DMARC, they issued a letter to their membership encouraging its adoption. It will be interesting to see who is really paying attention and willing to follow the lead of their fellow financial services colleagues.
Despite millions of dollars being spent in security and hundreds of thousands of hours by dedicated IT people, the bad guys are still winning, and the battle is being lost. At the FS-ISAC conference last week in Singapore, Ken Chau, Deputy Director for the Monetary Association of Singapore, said 90 percent of the banks in the APAC region experienced a cyber attack in 2016.
Christian Karam, Director of Cyber Threat Intelligence at UBS in Singapore, said at the conference that when he went to UBS, there was such a complicated security apparatus, he decided to take a novel approach and shut down all the feeds and start over.
Wow. Start over.
Depending on the size and complexity of the organization, DMARC can be a time-consuming investment, but perhaps instead of adding to the security queue, we must seriously consider starting over.
Isn’t it time to do things differently? GCA is a huge proponent of DMARC and took on the task of increasing global implementation as its first project. We have partners and resources, and a free tool that can get you started or take you through the whole process. You can learn more at: https://dmarc.globalcyberalliance.org/index.html.
It’s time to rethink, start over, and do things differently.
The author, Mary Kavaney, is the Chief Administrative Officer at the Global Cyber Alliance.