
Cybersecurity Tech Accord joins with the Global Cyber Alliance to promote DMARC to prevent Business Email Compromise


Washington, DC – Today, some of the world’s best-known tech companies committed to support enhanced defensive measures to prevent email-borne attacks targeting their employees, customers, and trading partners.

The Cybersecurity Tech Accord – and its 60+ global companies – have partnered with the Global Cyber Alliance (GCA) to promote the wide-scale use of Domain-based Message Authentication, Reporting & Conformance (DMARC), a solution that prevents email scammers and criminals from “spoofing” legitimate email domains. Based on newly released research from GCA, an organization that deploys DMARC could expect to see up to a 35X ROI.

“The support from the tech community is critically important to the advancement of DMARC and improvement of email security,” said Global Cyber Alliance CEO and President, Philip Reitinger. “The Cybersecurity Tech Accord support comes on the one-year anniversary of the Homeland Security Directive that moved federal agencies to implement DMARC at the highest level. The federal government has been aggressively deploying DMARC, and it is wonderful to see major companies drive adoption as well.”

Following through on their promise to protect users and customers from evolving cyber threats, the Cybersecurity Tech Accord signatories will support GCA in promoting the adoption of the DMARC protocol on a broad scale.

“The Cybersecurity Tech Accord believes that it is vital for DMARC adoption to accelerate across sectors with businesses and governments taking a decisive step to enhance email security. Failing to address this issue exposes internet users everywhere to cyberattacks and the internet more broadly to systemic cybersecurity challenges,” said James Livingston, Vice-President of Sales and Business Development at WISeKey, a Cybersecurity Tech Accord signatory. “That is why we are committed as a group to advancing our email security policies and the adoption of techniques such as DMARC, and we encourage other businesses to do the same with the objective to have a more secure internet ecosystem.”

DMARC’s power in reducing Business Email Compromise (BEC), and providing return on investment (ROI) to companies that deploy it, is demonstrated by new research from GCA.  For the past two years, GCA has focused on the risk of phishing and strongly supported DMARC adoption to empower public and private organizations to defend against malicious emails.  Tens of thousands of domains have been evaluated using the GCA’s tools.

New GCA research shows that the 1,046 domains that have successfully activated strong protection with GCA’s DMARC tools will save an estimated $19 million to $66 million from limiting BEC for the year 2018 alone. These organizations will continue to reap that reward every year in which they maintain their DMARC deployment, so additional savings accrue for as long as DMARC stays deployed. If these 1,046 domains maintain DMARC for 10 years, the cumulative savings are likely to exceed $100 million. (This also assumes that none of the other 19,000 domains that have been tested with the GCA tools will complete a migration and that the cost of BEC will remain stable.)

For a small business or organization that manages only a handful of domains, the cost of setting up and maintaining DMARC can be very low; some monthly services range from approximately $20 – $200. Based on the GCA report (which looks at only one impact of one type of threat prevented by DMARC), a single domain could realize up to a 35X return on investment from use of DMARC. This research is only a snapshot of DMARC’s potential return on investment, since the number of domains examined is relatively small and the analysis concerns only a single type of threat; DMARC also protects against other threats delivered by phishing that were not evaluated in this report. Finally, the more domains that implement DMARC, the easier it is for receivers to be strict, and the greater the cumulative return on investment for everyone.

The Cybersecurity Tech Accord’s commitment comes as the threats from email scams are on the rise. According to data from ValiMail, approximately 6.4 billion fake emails were sent worldwide each day in 2018 – most coming from the United States, with healthcare and government being the most impacted sectors.[1] Research from Agari shows that 96% of the business organizations analyzed had experienced a BEC attack in the last six months, and the average business experienced 45 attacks from June – December 2017.[2]

Businesses are struggling to combat BEC scams. The FBI’s Internet Complaint Center, or IC3, estimated in July that BEC scams have accounted for $12.5 billion[3] in losses around the world over the last five years, including $2.9 billion of BEC-related losses in the US. Deploying DMARC can significantly reduce an organization’s exposure to BEC, because DMARC prevents direct domain spoofing, one of the hardest forms of phishing to detect and a powerful tool for BEC.

The GCA implementation guide has helped many businesses create a DMARC policy to protect their brand. DMARC returns significant value. Several governments are now moving to DMARC, and the private sector is strongly supporting deployment of DMARC.  All organizations should make the move to DMARC.

About DMARC

DMARC is an email authentication policy and reporting protocol that helps prevent impersonation attacks via email. It is free and already included on popular email services such as Outlook. However, use of DMARC by government, the private sector and other organizations operating their own email is low, which puts their emails to other businesses and consumers in the crosshairs of threat actors.

DMARC is the first and only widely deployed technology that helps protect both customers and domain owners. DMARC is a powerful tool against phishing attacks, which are the entry weapon of choice for many cyber criminals. DMARC allows:

Domain owners to

  • Signal that they are using email authentication (SPF, DKIM)
  • Provide an email address to gather feedback about messages using their domain – legitimate or not
  • Apply a policy to messages that fail authentication (report, quarantine, reject)

Email receivers to

  • Be certain a given sending domain is using email authentication
  • Consistently evaluate SPF and DKIM along with what the end user sees in their inbox
  • Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks
  • Provide the domain owner with feedback about messages using their domain

About the Cybersecurity Tech Accord

The Cybersecurity Tech Accord is a public commitment among more than 60 global companies to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 


[1] https://www.valimail.com/blog/6.4-billion-fake-emails-every-day/

[2] https://www.agari.com/business-email-compromise-report/

[3] https://www.ic3.gov/media/2018/180712.aspx

Our CEO, Philip Reitinger, discusses how US federal agencies’ progress on DMARC deserves praise.

“Based on the most recent numbers from DHS, reported by FCW, federal agencies will come close to making the Department of Homeland Security’s deadline to implement Domain-Based Message Authentication, Reporting and Conformance tools, or DMARC.”

Fed Gov 90 Days to DMARC

The Global Cyber Alliance Provides Free Tools for Agencies to Meet U.S. Department of Homeland Security Deadline


WASHINGTON, D.C., July 16, 2018 – U.S. federal government agencies have less than 90 days to meet a U.S. Department of Homeland Security (DHS) Binding Operational Directive (BOD) focused on bolstering email and website security for all federal agencies that operate .gov email and website domains. The federal government has made good progress toward fulfilling the directive, with 74% of the domains tested having implemented a DMARC policy; however, less than half of the domains (47%) are at the highest policy level of “reject” – the setting that prevents spoofed email from being delivered to people. Agencies have three more months to meet the requirements of the directive.

By October 16, 2018, all agencies are required to deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) at the policy level of “reject” to prevent spammers and phishers from using an organization’s name to conduct cyberattacks.

Since the BOD was issued on October 16, 2017, GCA research has found that more than 600 agency email domains have moved to the most secure “reject” setting for DMARC. In total, 605 domains are set to “reject” and 26 are set at the second-highest security level, “quarantine”. However, half of all federal government email domains have either deployed DMARC only at its least secure setting (319) or have not deployed DMARC at all (334).

“DHS has shown tremendous leadership in requiring the deployment of advanced email and web security tools that will protect consumers, government workers and our nation’s critical infrastructure,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “Even with difficulties, agencies should at least have implemented DMARC at its most simple level. It takes little time, does not risk disruption of service, and provides insight on operations and threats.”

GCA has helped organizations implement DMARC with a collection of free resources that include the GCA DMARC Setup Guide, instructional videos, and webinars. Agencies can take advantage of these resources online at www.dmarc.globalcyberalliance.org.

DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of any person with an email address.  According to the 2018 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years.

Without DMARC protection, hackers can create emails that appear to be from a trusted source but instead contain malicious links or ask for additional personal information that could be provided by unsuspecting consumers.

 


 

Anti-Phishing and Web Surfing Security Tools Deployed Across More Than 200 Countries


London, June 6, 2018 – The Global Cyber Alliance (GCA) announced today several key milestones in its continuing mission to eradicate cyber risk through concrete actions.

The successful Quad9 DNS security service, which protects users from accessing known malicious websites, has grown more than 35-fold since its launch in November 2017, now reaching more than 120 countries and blocking up to 360 million connections to malicious and compromised websites in the past six months.

In addition, more than 22,000 organizations in 166 countries have used the GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) Setup Guide to check their email domain’s protection against phishing and spoofing. Nearly 5,000 organizations have deployed DMARC to protect their employees, partners and customers from being tricked by scammers trying to hijack their web domain to steal personal or financial information.

The announcements came following a meeting of GCA’s Strategic Advisory Committee, which comprises executives from more than 40 organizations spanning the finance, health, telecommunications, education, insurance, cybersecurity, technology, and media sectors, as well as government and law enforcement officials from Canada, France, the United Kingdom, and the United States.

“GCA was formed to take collective action to reduce and eradicate cyber risks, and we do this by uniting global communities, implementing concrete solutions, and measuring the effects,” said GCA president and CEO, Phil Reitinger. “We are passionate about helping users access affordable and automatic security solutions, and our progress over the past six months, in collaboration with many dedicated individuals and organizations, inspires us to keep moving forward and tackling new challenges.”

6 months of Quad9

The Quad9 DNS security service, which GCA conceptualized and built with IBM and Packet Clearing House, has scaled quickly since its launch six months ago. The service incorporates multiple threat intelligence feeds and blocks up to two million domain lookups each day, preventing users from connecting to malicious websites. More than a dozen cities were recently added to the service’s network of servers, including Bangkok, Thailand; Vilnius, Lithuania; Colombo, Sri Lanka; Siegerland, Germany; Posadas, Argentina; Luanda, Angola; Kiev, Ukraine; Kuala Lumpur, Malaysia; Enfidha, Tunisia; Harare, Zimbabwe; Lyon, France; and Tallinn, Estonia.

“We selected these regions because our deployment model is specifically designed to push our DNS services out to the very edges of the world in places where most other systems will not or cannot deliver excellent service,” said John Todd, Quad9 executive director. “Everyone should be able to enjoy a base level of security, privacy, and performance on the Internet regardless of location or economic circumstances. The focus as we grow our network footprint is to be in every country and every city in which we can deploy our service, regardless of economic weight, population density, or pre-existing network infrastructure.”

DMARC and Email Security

DMARC (Domain-based Message Authentication, Reporting & Conformance) was developed as a collaborative effort to combat fraudulent email by authenticating the sender of an email. GCA created a Setup Guide that supports world-wide adoption of DMARC, an email authentication standard that helps organizations protect their email domains from spoofers, spammers and phishing attacks.

The guide has been translated into 17 languages and has been used by more than 13,500 organizations in the past six months. In 2016, the U.K. government mandated that all U.K. government domains enable DMARC. The U.S. government followed suit in late 2017 with the issuance of Binding Operational Directive 18-01, requiring all U.S. federal civilian domains to enable DMARC.


 


The U.S. government has gotten behind the Domain-based Message Authentication, Reporting & Conformance (DMARC) email authentication standard in full force while the private sector, for once, is playing catch up. Phil Reitinger, president and CEO of the Global Cyber Alliance, spoke with SC Media Executive Editor Teri Robinson about DMARC’s benefits and its trajectory in both the private and public sectors.

For more information about DMARC and how to implement it to better protect your domain, please visit dmarc.globalcyberallaince.org.

Only One of 26 Email Addresses Managed by Executive Office of the President Uses DMARC Security Protocol to Block Phishing


WASHINGTON, April 4, 2018 – More than 95 percent of email domains managed by the Executive Office of the President (EOP) are in danger of being used in a large-scale phishing attack. Only the Max.gov email domain has fully implemented the top defense against email phishing and spoofing, according to research released today by the Global Cyber Alliance (GCA). Seven of the domains have implemented the Domain Message Authentication Reporting & Conformance (DMARC) protocol at the lowest level, “none”, which monitors email but does not prevent delivery of spoofed emails. Further, GCA found that 18 of the 26 email domains under management haven’t started the deployment of DMARC.

Without DMARC implemented, scammers and criminals can easily “hijack” an email domain to steal money, trade secrets or even jeopardize national security. DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society.  According to the 2017 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years.

“Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed.  The good news is that four new domains have implemented DMARC at the lowest level, which I hope indicates that DMARC deployment is moving forward.  The EOP domains that have recently deployed DMARC at its lowest setting includes WhiteHouse.gov and EOP.gov, two of the most significant government domains.  I hope that the government will move rapidly to block phishing attempts across all EOP domains.”

Domains under the control of the EOP include Budget.gov, OMB.gov, WhiteHouse.gov, USTR.gov, OSTP.gov and EOP.gov – all well-known email domains that are valuable for phishers looking to trick government employees, government contractors, and U.S. citizens.

The weak DMARC deployment by the EOP is surprising after the U.S. Department of Homeland Security mandated that all federal agencies implement DMARC last year. Security experts praised DHS and Senator Ron Wyden, who called for agencies to implement DMARC, for pushing government agencies to quickly implement DMARC at the highest level possible.

Using GCA’s DMARC tools, the researchers scanned the 26 EOP email domains:

DMARC            Count   Effect at this level of implementation
Domains Tested   26      The email domains of the Executive Office of the President
Reject           1       The highest level of DMARC protection. If reject is in place, incoming messages that fail authentication get blocked.
Quarantine       0       The second highest level of DMARC protection. With quarantine in place, emails that don’t meet the policy are sent to the spam or junk folder.
None             7       None means that a DMARC policy is in place, but the only thing that’s happening is monitoring. No action is being taken to block spoofed emails.
No Policy        18      No policy means that DMARC is not in place.
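The policy levels that the About DMARC section lists and that the table above tallies come from the `p=` tag of a domain’s `_dmarc` TXT record. The following is an added example (not GCA’s tooling, and not from the original page) that classifies constructed sample records into the same four buckets, including the RFC 7489 edge cases: a record whose first tag is not `v=DMARC1` is ignored, and a record with no valid `p` but a `rua` address is treated as `p=none`. The sample domains and records are invented; a real check would fetch `_dmarc.<domain>` over DNS.

```python
from collections import Counter

# Constructed sample of what a TXT lookup of _dmarc.<domain> might return.
# None stands for "no DMARC record published at all".
SAMPLE_RECORDS = {
    "reject.example":       "v=DMARC1; p=reject; rua=mailto:dmarc@reject.example",
    "quarantine.example":   "v=DMARC1; p=quarantine; pct=100; sp=reject",
    "monitor.example":      "v=DMARC1; p=none; rua=mailto:reports@monitor.example",
    "nop-with-rua.example": "v=DMARC1; rua=mailto:reports@nop-with-rua.example",
    "bad-version.example":  "v=DMARC2; p=reject",
    "wrong-order.example":  "p=reject; v=DMARC1",
    "no-record.example":    None,
}

LEVELS = ("Reject", "Quarantine", "None", "No Policy")


def parse_dmarc(record):
    """Return the tag dict of a DMARC record, or None if the record is invalid.

    RFC 7489: tags are ';'-separated key=value pairs, tag names are
    case-insensitive, and 'v=DMARC1' must be the first tag or the whole
    record is discarded.
    """
    if record is None:
        return None
    tags = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # trailing ';' or empty segment
        if "=" not in part:
            return None  # malformed tag
        key, value = part.split("=", 1)
        tags.append((key.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)


def policy_level(record):
    """Map one record to Reject / Quarantine / None / No Policy."""
    tags = parse_dmarc(record)
    if tags is None:
        return "No Policy"
    p = tags.get("p", "").lower()
    if p in ("reject", "quarantine", "none"):
        return p.capitalize()
    # RFC 7489 6.6.3: no valid 'p' but a 'rua' URI -> treat as p=none.
    return "None" if "rua" in tags else "No Policy"


def tally(records):
    """Count domains per policy level, in the order the table uses."""
    counts = Counter(policy_level(r) for r in records.values())
    return {level: counts.get(level, 0) for level in LEVELS}


if __name__ == "__main__":
    for level, n in tally(SAMPLE_RECORDS).items():
        print(f"{level:<11}{n}")
```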

GCA has published five reviews of DMARC implementation – two looking at organizations in cybersecurity, one looking at banks, one examining public and private hospitals, and most recently a look at the top tax software providers. When Agari looked at Fortune 500 companies last August, they found 8 percent protected their companies’ domains with DMARC.

For more details about DMARC or to check if an organization is using DMARC, visit: dmarcguide.globalcyberalliance.org.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.