authentication

Time Magazine published an article this month reporting why the 2020 presidential campaigns are still vulnerable to cyber attacks, including a mention of recent Global Cyber Alliance research on the state of email security of the early Democratic presidential candidates.

“In March, the DNC moved up a briefing for campaign staffs about email security after an analysis from security advocacy group Global Cyber Alliance reported just four of the 14 declared major candidates had secured email systems.”

In keeping with our mantra – Do Something. Measure It. – GCA is committed to promoting and developing solutions to improve our global cyber posture. Protecting the integrity of the election process is critical. Stay tuned for more news from GCA in the coming months as we continue to raise the bar on security and roll-out new solutions to help our global community.

Cybersecurity Tech Accord joins with the Global Cyber Alliance to promote DMARC to prevent Business Email Compromise


Washington, DC – Today, some of the world’s best-known tech companies committed to support enhanced defensive measures to prevent email-borne attacks targeting their employees, customers, and trading partners.

The Cybersecurity Tech Accord – and its 60+ global companies – have partnered with the Global Cyber Alliance (GCA) to promote the wide-scale use of Domain-based Message Authentication, Reporting & Conformance (DMARC), a solution that prevents email scammers and criminals from “spoofing” legitimate email domains. Based on newly released research from GCA, an organization that deploys DMARC could expect to see up to a 35X ROI.

“The support from the tech community is critically important to the advancement of DMARC and improvement of email security,” said Global Cyber Alliance CEO and President, Philip Reitinger. “The Cybersecurity Tech Accord support comes on the one-year anniversary of the Homeland Security Directive that moved federal agencies to implement DMARC at the highest level. The federal government has been aggressively deploying DMARC, and it is wonderful to see major companies drive adoption as well.”

Following through on their promise to protect users and customers from evolving cyber threats, the Cybersecurity Tech Accord signatories will support GCA in promoting the adoption of the DMARC protocol on a broad scale.

“The Cybersecurity Tech Accord believes that it is vital for DMARC adoption to accelerate across sectors with businesses and governments taking a decisive step to enhance email security. Failing to address this issue exposes internet users everywhere to cyberattacks and the internet more broadly to systemic cybersecurity challenges,” said James Livingston, Vice-President of Sales and Business Development at WISeKey, a Cybersecurity Tech Accord signatory. “That is why we are committed as a group to advancing our email security policies and the adoption of techniques such as DMARC, and we encourage other businesses to do the same with the objective to have a more secure internet ecosystem.”

DMARC’s power in reducing Business Email Compromise (BEC), and providing return on investment (ROI) to companies that deploy it, is demonstrated by new research from GCA.  For the past two years, GCA has focused on the risk of phishing and strongly supported DMARC adoption to empower public and private organizations to defend against malicious emails.  Tens of thousands of domains have been evaluated using the GCA’s tools.

New GCA research shows the 1,046 domains that have successfully activated strong protection with GCA’s DMARC tools will save an estimated $19 million to $66 million from limiting BEC for the year of 2018 alone. These organizations will continue to reap that reward every year in which they maintain the deployment of DMARC. Additional savings over time will be realized so long as DMARC is deployed. If these 1,046 domains maintain DMARC for 10 years, the cumulative savings are likely to exceed $100 million. (This also assumes that none of the other 19,000 domains that have been tested with the GCA tools will complete a migration and that the cost of BEC will remain stable.)

For a small business or organization that is only managing a handful of domains, the cost of setting up and maintaining DMARC can be very low. Some monthly services range from approximately $20 – $200. Based on the GCA report (which looks at only one impact of one type of potential threat prevented by DMARC), a single domain could realize up to a 35X return on investment from use of DMARC. In addition, this research is just a snapshot of the potential return on investment of DMARC, as the number of domains used in this research is relatively small and the research concerns only a single type of threat. DMARC protects against other types of threats delivered by phishing which were not evaluated in this report. Finally, the more domains that implement DMARC, the easier it is for receivers to be strict, and the greater the cumulative return on investment for everyone.

The Cybersecurity Tech Accord’s commitment comes as the threats from email scams are on the rise. According to data from ValiMail, approximately 6.4 billion fake emails were sent worldwide each day in 2018 – most coming from the United States, with healthcare and government being the most impacted sectors.[1] Research from Agari shows that 96% of the business organizations analyzed had experienced a BEC attack in the last six months, and the average business experienced 45 attacks from June – December 2017.[2]

Businesses are struggling to combat BEC scams. The FBI’s Internet Complaint Center, or IC3, estimated in July that BEC scams have accounted for $12.5 billion[3] in losses around the world over the last five years, including $2.9 billion of BEC-related losses here in the US. The deployment of DMARC can significantly reduce an organization’s vulnerability to BEC, as DMARC prevents direct domain spoofing, one of the most difficult-to-detect forms of phishing and a powerful tool for BEC.

The GCA implementation guide has helped many businesses create a DMARC policy to protect their brand. DMARC returns significant value. Several governments are now moving to DMARC, and the private sector is strongly supporting deployment of DMARC.  All organizations should make the move to DMARC.

About DMARC

DMARC is an email authentication policy and reporting protocol that helps prevent impersonation attacks via email. It is free and already included on popular email services such as Outlook. However, use of DMARC by government, the private sector and other organizations operating their own email is low, which puts their emails to other businesses and consumers in the crosshairs of threat actors.

DMARC is the first and the only widely deployed technology that helps protect both customers and domain owners. DMARC is a powerful tool that helps protect against phishing attacks, which are the entry weapon of choice for many cyber criminals. DMARC allows:

Domain owners to

  • Signal that they are using email authentication (SPF, DKIM)
  • Provide an email address to gather feedback about messages using their domain – legitimate or not
  • Apply a policy to messages that fail authentication (report, quarantine, reject)

Email receivers to

  • Be certain a given sending domain is using email authentication
  • Consistently evaluate SPF and DKIM along with what the end user sees in their inbox
  • Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks
  • Provide the domain owner with feedback about messages using their domain
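
The domain-owner side of the list above is published as a single DNS TXT record at `_dmarc.<domain>`. The following added example (not GCA's code or tooling) parses such a record using the tag names from RFC 7489, where the "report" preference is written `p=none` and the feedback address is the `rua` tag. The sample records for example.com are constructed, and treating "quarantine or reject at 100%" as enforcing is this example's own definition.

```python
# Added example: read a DMARC TXT record and summarise what the domain owner
# is asking receivers to do. Sample records are constructed, not real DNS data.

POLICIES = ("none", "quarantine", "reject")  # "none" = report only

def parse_dmarc(txt):
    """Return {tag: value}, or None if txt is not a DMARC record."""
    # RFC 7489: the version tag must come first and must be exactly DMARC1.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Summarise policy, report addresses and whether failures are acted on."""
    result = {"valid": False, "policy": None, "enforcing": False, "reports_to": []}
    tags = parse_dmarc(txt)
    if tags is None:
        return result
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return result
    pct = tags.get("pct", "100")           # percentage of mail the policy covers
    pct = int(pct) if pct.isdigit() else 100
    # rua is a comma-separated list of URIs; keep the mailto: ones,
    # dropping any "!10m"-style size limit suffix.
    reports = [u.strip().split("!")[0] for u in tags.get("rua", "").split(",")
               if u.strip().lower().startswith("mailto:")]
    result.update(valid=True, policy=policy, reports_to=reports,
                  enforcing=policy in ("quarantine", "reject") and pct == 100)
    return result

SAMPLES = [  # constructed records
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=spf1 include:_spf.example.com ~all",   # an SPF record, not DMARC
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", assess(record))
```

A record that is valid but not enforcing, such as the first sample, still produces the feedback reports described above while leaving delivery of failing mail unchanged.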

About the Cybersecurity Tech Accord

The Cybersecurity Tech Accord is a public commitment among more than 60 global companies to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

[1] https://www.valimail.com/blog/6.4-billion-fake-emails-every-day/

[2] https://www.agari.com/business-email-compromise-report/

[3] https://www.ic3.gov/media/2018/180712.aspx

Global Cyber Alliance partner, Agari, recently published a startling report that exposes the lack of DMARC implementation among U.S. Fortune 500 companies. The Agari Global DMARC Adoption Report: Open Season for Phishers finds that only 8% of the Fortune 500 are protecting their companies’ domains with DMARC.

According to our Director of Operations, Shehzad Mirza, “DMARC is an essential tool that helps prevent spam, phishing and data loss…GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.” Increasing the global adoption rate of DMARC has been one of the top priorities of GCA since its inception. GCA’s first project was the creation of a DMARC Setup Guide to help organizations with implementation. It is now available in nine languages and additional languages are scheduled for launch next month.

To read more about the Agari report, click here. To download the full report, click here.

The US Department of Homeland Security announced last week that it is taking steps to ensure better email security across the federal government, in response to a recent letter from Sen. Wyden. This is good news considering only 10% of the government’s domains currently employ some level of the DMARC protocol.

“We welcome DHS’s call for ‘all parties to contribute’ to its e-mail security efforts,” said Phil Reitinger, CEO of the Global Cyber Alliance. “We are happy to see that DHS fully recognizes the value that DMARC offers. We applaud the leadership role that DHS has taken in this matter and are hopeful that this process leads to the full implementation of DMARC across the federal government.”

To read the full article from our friends at CyberScoop, click here.

Recent research by the Global Cyber Alliance (GCA) shows the globe’s leading security firms exhibiting at Black Hat USA 2017 have a long way to go towards the adoption of DMARC – email authentication – which can greatly reduce phishing attacks and the ability for hackers to hijack domains for ransomware attacks. More than 73 percent of Black Hat exhibitors have not deployed DMARC at all.

GCA’s Chief Technology Officer, Andre Ludwig, spoke with Shaun Waterman of CyberScoop this week in Las Vegas, to discuss the importance of leadership by example in the security industry. You can read the full article here.

To learn more about DMARC and how you can implement it for your organization, visit us at dmarc.globalcyberalliance.org/index.html.