In a recent article published in the Web Writer Spotlight, Cathy Trimidal argues that even though the risk of cyber-attacks has steadily risen, governments have often not taken the necessary actions to protect their citizens. This lack of trust between companies and policy makers, she writes, has led many to seek alternative solutions, namely entering various cyber alliances such as the Global Cyber Alliance (GCA). She discusses the advantages of companies being a part of these larger alliances, in which information sharing can lead not only to heightened security for individual companies but to increased security in the digital world for us all.
To read Trimidal’s full article, please click here.
Our Executive Director of the UK, Middle East and India, Andy Bates, sat down with Mathew Schwartz of DataBreachToday to discuss the future of cyber security. In the interview below, Andy discusses the following:
The evolution of online crime and nation-state attacks;
Strategies for addressing top business challenges;
Free tools to help organizations improve their cybersecurity posture.
To watch the interview, please click on the picture below.
By Gill Thomas
In addition to holding funds, charities store personal, financial, and commercial data. They are often perceived as “soft targets” by cybercriminals and as a result face many online risks. Surveys conducted within the sector typically note a lack of specialist-skilled technical staff, as well as problems with both recruitment and retention, which would suggest they are less prepared for and more vulnerable to cyberattacks than their for-profit counterparts. But they do owe a duty of care to safeguard the personal information of their donors and the vulnerable people and causes they support.
With charities often reliant on donations, grants, and good will, the focus is on maximising the impact the charities have on the causes for which they stand. By minimising administration, staff, and IT costs more money can go towards their charity mission, and through transparent reporting donors are able to see how much of their donation goes directly to front line services and how much is spent on back office administration. It is therefore in the charity’s interest to keep these indirect costs to a minimum to appease their donor community.
There are many reasons why specific charities may be targeted for cyber-attacks; depending on the causes they support this could include attacks by nation states, hacktivists, insiders, and terrorists. Attacks may be direct or indirect via suppliers and third parties or come in via branches and projects overseas where the security culture may be less stringent. Attacks often take the form of:
Ransomware and Extortion – initiated via phishing emails and links to compromised websites.
Business Email Compromise (BEC) Attacks – initiated via email domain spoofing, requesting money transfers to illegitimate bank accounts.
Fake Organisations and Websites – initiated via the creation of fake organisations and websites often in the immediate aftermath of a disaster or global event.
These attacks can negatively impact the charity by diverting funds, stealing data for onward sale, and attracting bad publicity.
As part of an international effort, the Fraud Advisory Panel and the Charity Commission for England and Wales held their annual Charity Fraud Awareness Week this week, highlighting different risks faced by charities each day. Advice and information is available via the Charity Fraud Awareness Hub and has been trending all week under #CharityFraudOut.
Earlier this year, the Charity Commission conducted the largest survey ever undertaken into fraud and cybercrime among the UK charity sector. The report published this week, Preventing Charity Cybercrime: Insights and Action, October 2019, found that:
58% of charities think cybercrime is a major risk to the charity sector.
22% believe cybercrime is a greater risk to the charity sector than other sectors.
Phishing and malicious emails are the most common attack vector.
The full report, alongside Preventing Charity Fraud: Insights and Action, is available to download here.
Charities are a force for good, but unfortunately they remain a target for cybercriminals. The Global Cyber Alliance applauds the great work of the Fraud Advisory Panel and the Charity Commission during Charity Fraud Awareness Week, which brings an annual focus to the many risks faced by charities throughout the year.
Our October newsletter is now available for your reading pleasure! Catch up on everything we have been up to this past month!
Click on the picture below to get all the details!
On October 30th, GCA will provide a webinar about DMARC. In this webinar, GCA will provide an overview of DMARC, which explains what DMARC protects against, why it is important to implement, and the various components involved with implementation.
DMARC is considered the industry standard for email authentication to prevent attacks in which malicious third parties send harmful email using a counterfeit address. DMARC stops email impersonation – by implementing DMARC, domains lower the odds of their domains being spoofed and used for phishing attacks on recipients. The result of a domain not implementing any form of DMARC policy is exposing its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyber-attacks begin with a phishing email.
Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC through advocacy, a set of tools, and campaigns to drive deployment. GCA also measured the economic impact of DMARC. In just a few short years, GCA’s DMARC initiative has resulted in more than 5,700 organizations across more than 180 countries adopting DMARC. This has led to estimated financial benefits of more than $19 Million USD in 2018 across a diverse array of industries and governments. Moreover, the $19M estimate is merely from GCA’s activity. GCA’s other partners, including nonprofit organizations, commercial vendors, governments, and enterprises are also deploying and supporting the deployment of DMARC. For these organizations, the most-affected 1% of them will save $302,000 per year solely from reducing business email compromise (BEC) through DMARC, even assuming only 1% of BEC emails lead to action. If that number grows to 5%, the loss reduction for that 1% is $1.3M per year. Adding that up across the Internet is a big number, and that is from BEC losses alone.
After registering, you will receive a confirmation email containing information about joining the webinar.
The EU team of Global Cyber Alliance will close its crazy autumn (eleven events in nine European countries!) with a very special event in Brussels where they have worked as Programme Partners – the ‘Digital Identity and Trust Summit’, organised by Heliview.nl. For this event, GCA contributed two speakers from two of its key partners, Red Sift and Mastercard.
In celebration of Cybersecurity Awareness Month, the Global Cyber Alliance (GCA) launched an international series of half-day workshops to bring the GCA Cybersecurity Toolkit for Small Business directly to small business owners through in-person training sessions.
The workshops are designed to engage local communities in a collaborative effort to help small businesses improve their cybersecurity posture and empower not only the session attendees but also create “cybersecurity champions” who can take the resources from the training and leverage it to further educate their stakeholders and communities.
The first workshop was held in Providence, Rhode Island and was conducted in partnership with the Tech Collective, the Rhode Island Joint Cyber Task Force, and the Southeastern New England Defense Industry Alliance. The event kicked off with opening remarks from Rhode Island Lt. Governor Daniel McKee, who stressed the importance of small businesses to the economy and the need for ensuring that measures are in place to help protect this sector from ever-increasing cyber risks. Joe Devine, the Executive Director of the Tech Collective, and Lt. Eric Yelle with the Joint Cyber Task Force also addressed the audience in support of cybersecurity awareness and practical action.
The training session was conducted by Adnan Baykal, GCA’s Global Technical Officer, and Douglas Tondreau, the Lead Information Technologist for the Digital Forensic Center at the University of Rhode Island. Adnan and Douglas walked the attendees through key elements of the toolkit with hands-on exercises and non-technical explanations of how the tools in the toolkit can help them raise their cyber preparedness. Topics included two-factor authentication, preventing phishing and viruses, backup and recovery, and how to protect your brand and reputation.
The second workshop was held in Barnsley, UK with the kind support of the Digital Media Centre, Yorkshire Cyber Security Cluster, and Bob’s Business. Taking on a similar format to the Rhode Island event, Bob’s Business CEO Melanie Oldham welcomed everybody, and there were remarks from Mastercard Regional Security Manager Isabel Gilbert and Lead Security Analyst Derek Pillar stressing the importance of cyber hygiene among small businesses. The training session was conducted by GCA’s UK Executive Director Andy Bates and assisted by co-hosts.
Both workshops were extremely well received, with attendees indicating that they left the sessions with a better understanding of how cyber threats impact their companies and with new skills that can immediately be applied to improve their cybersecurity. Just as important, the workshops also served to build bridges for the attendees with local organizations and individuals in their communities who can serve as resources for the small businesses in furthering their cybersecurity journeys.
GCA will be conducting more workshops throughout the remainder of 2019 and into 2020. If you are interested in serving as a co-host for a workshop in your community, please let us know by contacting us at firstname.lastname@example.org.
Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate the adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) through advocacy, campaigns to drive deployment, and by providing a set of tools. GCA has also measured the economic impact of DMARC, which is considered the industry standard for email authentication combating email impersonation. The result of a domain not implementing any form of DMARC policy is exposing its recipients to possible phishing attacks; unsurprisingly, 91% of all cyber-attacks begin with a phishing email.
On September 9th, 2019, GCA started the DMARC Bootcamp. The purpose of the bootcamp was to provide organizations with enough information to be able to understand DMARC and the associated parts: authentication, reporting, and conformance. We broke the bootcamp into six weeks in which we started with the basics, each week getting more technical and detailed before ultimately providing guidance to the participants to reach the first DMARC policy level of “none.” However, we aimed to make sure participants had enough information to continue on with the DMARC process and ideally move to the highest DMARC policy level of “reject.”
Overall, we had more than 1,800 people register from 1,297 organizations across 55 countries.
(Figure 1 – DMARC Bootcamp Participation)
Out of the 1,800 plus registrants, we had 965 people attend the webinars, with the first session drawing the highest attendance.
We performed a scan of domains at the beginning of the bootcamp (based on the emails of the registrants) and excluded all consumer-based accounts (gmail, hotmail, yahoo, etc.). Based on our initial scans:
766 organizations had no DMARC policy
370 organizations were set to p=none, which is the “monitor only” mode for DMARC (no filtering but used for making adjustments)
77 were set to p=quarantine (DMARC enforcement which puts fraudulent messages in spam/junk)
72 were set to p=reject (DMARC enforcement which drops fraudulent messages)
12 organizations had set up a DMARC policy but had errors with the policy
Throughout the six weeks, we saw organizations start to implement DMARC and make adjustments to their DMARC policy. On average, 12 to 15 organizations implemented DMARC each week.
(Figure 2 – DMARC Adoption across six weeks of the DMARC Bootcamp)
By the end of the bootcamp we saw 90 organizations implement DMARC, with domains located across 11 countries. Seven jumped right to p=reject, eight to p=quarantine, and 75 to p=none. Initially there were 12 organizations that had errors with the policy. The main issue was that the p tag was located towards the end of the policy rather than having the p tag set as the second tag. We reached out to each organization with this information. Two organizations have made the adjustment so far. We will continue to reach out to help the remaining organizations.
Another 23 domains had a different kind of error. These were domains with a DMARC policy that did not have reporting enabled, which is a problem especially when the DMARC policy is set to “none.” The purpose of level “none” is simply to enable reporting and review the reports that are being generated; it does not do any filtering or actually enforce DMARC. The DMARC reports are what provide you with the information necessary to determine when to change your policy to “quarantine” or “reject.” Just having a policy of “none,” with no reporting enabled, does not protect your domain or brand nor does it prevent the use of your domain in phishing campaigns.
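The checks below reproduce, as an added example that is not GCA's own scanning tool, the conditions the bootcamp scan reported: the policy levels listed above, a p tag that is not the second tag, and a record with no rua tag (so no aggregate reports, which is what makes p=none useless). The domain names and records are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample TXT records (not real domains) modelling the cases the
# bootcamp scan reported: p=none with no reporting, p not in second position,
# and a well-formed enforcing record.
SAMPLE_RECORDS = {
    "charity-a.example": "v=DMARC1; p=none",
    "charity-b.example": "v=DMARC1; rua=mailto:dmarc@charity-b.example; p=reject",
    "charity-c.example": "v=DMARC1; p=quarantine; rua=mailto:dmarc@charity-c.example; pct=100",
}


def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tag, value = part.split("=", 1)
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def check_dmarc(record):
    """Return a list of findings; an empty list means the record passed every check."""
    findings = []
    pairs = parse_dmarc(record)
    tags = [tag for tag, _ in pairs]
    values = dict(pairs)
    # The version tag must lead the record or receivers ignore it entirely.
    if not tags or tags[0] != "v" or values["v"] != "DMARC1":
        findings.append("v=DMARC1 must be the first tag")
    policy = values.get("p")
    if policy is None:
        findings.append("no p tag: record carries no policy")
    else:
        if policy not in VALID_POLICIES:
            findings.append(f"unknown policy value {policy!r}")
        if len(tags) < 2 or tags[1] != "p":
            findings.append("p tag is not the second tag")
    # Without rua, aggregate reports never arrive, so p=none yields nothing.
    rua = values.get("rua")
    if rua is None:
        note = " (p=none without reporting neither protects nor informs)" if policy == "none" else ""
        findings.append("no rua tag: aggregate reporting is not enabled" + note)
    elif not all(uri.strip().startswith("mailto:") for uri in rua.split(",")):
        findings.append("rua must be a comma-separated list of mailto: URIs")
    return findings


def scan(records):
    """Run check_dmarc over a {domain: record} mapping, as the bootcamp scan did."""
    return {domain: check_dmarc(record) for domain, record in records.items()}
```

Feed it the TXT record from `_dmarc.<domain>` and an empty finding list means the record is at least structurally ready for report review.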
Overall, the GCA DMARC Bootcamp enabled many organizations to implement DMARC or obtain the knowledge to get started with making a plan to implement DMARC. According to our data, 75 organizations were able to get to a policy level of “none” within one to six weeks. This shows that getting started is relatively easy. It is more challenging to move to “quarantine” or “reject,” because it may take time to review the reports and make the appropriate adjustments to the authentication mechanisms used by DMARC.
To all bootcampers and non-bootcampers, even though the bootcamp has finished, it doesn’t mean that you should stop your progress. If you haven’t started, then start by implementing a policy of “none.” If you are at “none,” don’t lose your momentum! Keep moving forward, review those reports, and get to a higher enforcement level of DMARC. GCA is still here to help and provide guidance on DMARC at any level. Please do not hesitate to reach out to us at email@example.com.
58% of cybercrime targets small businesses… don’t be the next statistic!
Join GCA in New York City for an interactive workshop where you will learn about the cyber risks small businesses face. You will walk away with the necessary knowledge needed to better protect your business from a cyber-attack.
The session will take place on Thursday, November 7th, from 8:30am to 12:30pm (EDT) at Silicon Harlem.
Please click on the picture below to register for the event!
“In cyberspace, the bad guys have the upper hand: speed, anonymity, and leverage – essentially unbounded by space and time.”
Phil Reitinger, President & CEO of GCA, and Tony Sager, Senior Vice President & Chief Evangelist of CIS, published The State of the Operational Ecosystem. Their piece touched on the cybersecurity ecosystem and explained the risks some individuals and companies still face. “Our people are chasing their robots” as Rich Struse, Chief Strategist for Cyber Threat Intelligence at MITRE, described it.
Reitinger and Sager explain that a majority of our defenses are “pinned down” by huge problems such as:
Poorly engineered software
Poor configuration choices
Inconsistent and sometimes conflicting security controls
To read the full article, please click on the picture below.