DMARC

Category

Posts

Fed Gov 90 Days to DMARC

The Global Cyber Alliance Provides Free Tools for Agencies to Meet

U.S. Department of Homeland Security Deadline


WASHINGTON, D.C., July 16, 2018 – U.S. federal government agencies have less than 90 days to meet a U.S. Department of Homeland Security (DHS) Binding Operational Directive (BOD) focused on bolstering email and website security for all federal agencies that operate .gov email and website domains. The federal government has made good progress toward fulfilling the directive, with 74% of the domains tested having implemented a DMARC policy, however, less than half of the domains (47%) are at the highest policy level of “reject” – the setting that prevents spoofed email from being delivered to people. Agencies have three more months to meet the requirements of the directive.

By October 16, 2018, all agencies are required to deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) at the policy level of “reject” to prevent spammers and phishers from using an organization’s name to conduct cyberattacks.

Since the BOD was issued on October 16, 2017, GCA research has found that more than 600 agency email domains have moved to the most secure “reject” setting for DMARC. In total, 605 domains are set to “reject” and 26 are set at the second-highest security level, “quarantine”. However, half of all federal government email domains (319) have only deployed DMARC at its least secure setting or have not deployed DMARC at all (334).

“DHS has shown tremendous leadership in requiring the deployment of advanced email and web security tools that will protect consumers, government workers and our nation’s critical infrastructure,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “Even with difficulties, agencies should at least have implemented DMARC at its most simple level. It takes little time, does not risk disruption of service, and provides insight on operations and threats.”

GCA has helped organizations implement DMARC with a collection of free resources that include the GCA DMARC Setup Guide, instructional videos, and webinars. Agencies can take advantage of these resources online at www.dmarc.globalcyberalliance.org.

DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of any person with an email address.  According to the 2018 Symantec ISTR report, 1 in 131 emails contained malware, the highest rate in 5 years.

Without DMARC protection, hackers can create emails that appear to be from a trusted source but instead contain malicious links or ask for additional personal information that could be provided by unsuspecting consumers.

 

About the Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

BRUSSEL, 25 juni 2018- Global Cyber Alliance (GCA) heeft vandaag aangekondigd dat ze hun werking uitbreiden in continentaal Europa en dat ze Līga Raita Rozentāle aannemen als Directeur GCA, Europese Unie (EU). Mevrouw Rozentāle zal tewerkgesteld zijn in Brussel. Ze zal de groei van GCA in Europa begeleiden en als liaison fungeren met de EU.

“We vergroten ons bereik in continentaal Europa zodat we globaal verder kunnen samenwerken,” zei Philip Reitinger, voorzitter en CEO van GCA. “Līga beschikt over een indrukwekkende portfolio bij de Raad van Europa en over zeer uitgebreide kennis inzake cyberbeveiliging en -beleid in een multiculturele omgeving. We prijzen ons gelukkig dat we over zo’n expertise kunnen beschikken bij GCA en we kijken ernaar uit om Lïga’s talenten in te zetten bij ons streven naar het uitroeien van cyberrisico’s.”

Rozentāle vervoegt GCA terwijl de organisatie volop sterke vooruitgang boekt bij het inperken van systematische cyberrisico’s.

De succesvolle Quad9 DNS beveiligingsdienst die ervoor zorgt dat gebruikers niet op schadelijke websites terecht komen, is meer dan 35 keer groter geworden sinds de lancering ervan in november 2017. De dienst beslaat nu meer dan 120 landen en heeft over de laatste zes maand meer dan 360 miljoen verbindingen naar schadelijke en aangetaste websites geblokkeerd.

Bovendien hebben meer dan 22 000 organisaties in 167 landen gebruik gemaakt van de installatiehandleiding van GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) om de beveiliging van hun e-maildomein te controleren op veiligheid wat betreft phishing en spoofing. Bijna 5 000 organisaties hebben DMARC gebruikt om hun werknemers, partners en klanten te beschermen tegen scammers die webdomeinen proberen kapen om persoonlijke of financiële informatie te verkrijgen.

“Ik ben blij deel uit te maken van Global Cyber Alliance en te kunnen bijdragen aan het ongelofelijke werk van deze organisatie,“ zei Rozentāle. “Mijn passie voor cyberveiligheid en mijn engagement om resultaten te verkrijgen passen perfect bij GCA. Ik ben helemaal klaar om met de EU en de lidstaten samen te werken en de uitdagingen inzake cyberveiligheid aan te gaan.”

Voor haar tewerkstelling bij GCA trad mevrouw Rozentāle op als Raadgever Cyberbeveiligingsbeleid bij de Permanente Vertegenwoordiging van Letland bij de EU. Daar was ze verantwoordelijk voor de onderhandelingen inzake legislatieve en niet-legislatieve cyberbeveiliging en -verdediging bij de EU, de NAVO en andere internationale organisaties. Mevrouw Rozentāle is zeer ervaren wat betreft veiligheidsbeleid en internationale relaties, o.a. door een fellowship bij de Verenigde Naties. Ze behaalde een Bachelor of Arts aan de Universiteit van Illinois en een Master of Arts aan het Middlebury Institute of International Studies in Monterey, California.

“Global Cyber Alliance blijft sterke relaties opbouwen en wil de globale gemeenschap verenigen teneinde onze collectieve cyberveiligheid te vergroten. We versterken deze samenwerking nog door een nieuwe, toegewijde aanwezigheid in Brussel onder leiding van mevrouw Rozentāle. Dit is een mijlpaal voor het bereiken van de doelen van GCA,” zei Ian Dyson, commissaris van de City of London Police. “Mevrouw Rozentāle heeft haar carrière gewijd aan veiligheid en internationale relaties, en we zijn blij dat ze die deskundigheid meebrengt naar GCA.”

“De indienstneming van mevrouw Rozentāle is belangrijk voor Global Cyber Alliance. De voortdurende uitbreiding van GCA in Europa en het opbouwen van relaties met de Raad van Europa is van het grootste belang en maakt het mogelijk voor GCA om de globale cyberrisico’s in te schatten en aan te pakken,” zei Scott Charney, de Vicevoorzitter van Microsoft voor Veiligheidsbeleid en de Voorzitter van de Raad van Bestuur van Global Cyber Alliance. “Ik ben er trots op dat ik GCA vertegenwoordig en ik kijk ernaar uit om verder te groeien en te cyberrisico’s te doen afnemen.”

Over Global Cyber Alliance

Global Cyber Alliance (GCA) is een internationale, intersectorale organisatie die gewijd is aan het uitroeien van cyberrisico’s en het verbeteren van onze verbonden wereld. We bereiken ons doel door globale gemeenschappen te verenigen, concrete oplossingen te implementeren en het effect te meten. Meer informatie vindt u op www.globalcyberalliance.org.

 

###

BRUSSELS, June 25, 2018- The Global Cyber Alliance (GCA) today announced expansion of its operations into continental Europe and the hiring of Līga Raita Rozentāle, who is joining GCA as Director, European Union (EU). Ms. Rozentāle, who is based in Brussels, will help guide the growth of GCA throughout the European region and will serve as a liaison with the EU.

“Expanding our reach throughout continental Europe enables us to further our collaboration at the global level,” said Philip Reitinger, president and CEO of GCA. “Līga has an impressive portfolio with the Council of the EU and tremendous knowledge of cybersecurity practices and policies within multicultural environments. We are fortunate to have that expertise at GCA, and we look forward to leveraging Līga’s talents toward our mission of eradicating cyber risk.”

Rozentāle joins GCA at a time when the organisation is making tremendous strides in its mission to mitigate systemic cyber risk.

The successful Quad9 DNS security service, which protects users from accessing known malicious websites, has grown more than 35-fold since its launch in November 2017, now reaches more than 120 countries, and has blocked up to 360 million connections to malicious and compromised websites in the past six months.

In addition, more than 22,000 organizations in 167 countries have used the GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) Setup Guide to check their email domain’s phishing security and spoofing security. Nearly 5,000 organisations have deployed DMARC to protect their employees, partners and customers from being tricked by scammers trying to hijack their web domain to steal personal or financial information.

“I am thrilled to be part of the Global Cyber Alliance and contribute to the incredible work of this organisation,” Rozentāle said. “My passion for cybersecurity and commitment to getting results are perfectly aligned with GCA, and I’m excited to help expand the reach across the EU and the Member States as we work together to address cyber challenges.”

Prior to her position at GCA, Ms. Rozentāle served as Counsellor-Cybersecurity Policy at the Latvian Permanent Representation to the EU, where she was responsible for negotiations on legislative and nonlegislative cybersecurity issues and promoting Latvian national interests in cybersecurity and cyber defense at the EU, NATO and other international organisations. Ms. Rozentāle has extensive experience in security policy and international relations, including a fellowship at the United Nations. She has a Bachelor of Arts from the University of Illinois and a Master of Arts from the Middlebury Institute of International Studies at Monterey, California.

“The Global Cyber Alliance continues to build strong relationships in its efforts of uniting the global community to improve our collective cybersecurity. Expanding the partnerships with a new, dedicated presence in Brussels, under the leadership of Ms. Rozentāle, is a key milestone in accomplishing GCA goals,” said Ian Dyson, City of London Police Commissioner. “Ms. Rozentāle has dedicated her career to security and international relations, and we are pleased that she brings that expertise to GCA.”

“The hiring of Ms. Rozentāle marks a significant achievement for the Global Cyber Alliance. GCA’s continued expansion into Europe and building of relationships with the Council of the EU is paramount to GCA’s ability to scale and address global cyber risk,” said Scott Charney, Microsoft’s Vice President for Security Policy and Global Cyber Alliance Chairman of the Board. “I’m proud to represent GCA and look forward to its continued growth and success reducing cyber risk.”

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

###

Anti-Phishing and Web Surfing Security Tools Deployed Across More Than 200 Countries


London, June 6, 2018 – The Global Cyber Alliance (GCA) announced today several key milestones in its continuing mission to eradicate cyber risk through concrete actions.

The successful Quad9 DNS security service, which protects users from accessing known malicious websites, has grown more than 35-fold since its launch in November 2017, now reaching more than 120 countries and blocking up to 360 million connections to malicious and compromised websites in the past six months.

In addition, more than 22,000 organizations in 166 countries have used the GCA Domain-based Message Authentication, Reporting & Conformance (DMARC) Setup Guide to check their email domain’s phishing security and spoofing security. Nearly 5,000 organizations have deployed DMARC to protect their employees, partners and customers from being tricked by scammers trying to hijack their web domain to steal personal or financial information.

The announcements came following a meeting of GCA’s Strategic Advisory Committee, which comprises executives from more than 40 organizations spanning the finance, health, telecommunications, education, insurance, cybersecurity, technology, and media sectors, as well as government and law enforcement officials from Canada, France, the United Kingdom, and the United States.

“GCA was formed to take collective action to reduce and eradicate cyber risks, and we do this by uniting global communities, implementing concrete solutions, and measuring the effects,” said GCA president and CEO, Phil Reitinger. “We are passionate about helping users access affordable and automatic security solutions, and our progress over the past six months, in collaboration with many dedicated individuals and organizations, inspires us to keep moving forward and tackling new challenges.”

6 months of Quad9

The Quad9 DNS security service, which GCA conceptualized and built with IBM and Packet Clearing House, has scaled quickly since its launch six months ago. The service incorporates multiple threat intelligence feeds and blocks up to two million domain lookups each day, preventing users from connecting to a malicious website. More than a dozen cities were recently added to the service’s network of servers, including Bangkok, Thailand; Vilnius, Lithuania; Columbo, Sri Lanka; Siegerland, Germany; Posadas, Argentina; Luanda, Angola; Kiev, Ukraine; Kuala Lumpur, Malaysia; Enfidha, Tunisia; Harare, Zimbabwe; Lyon, France; and Tallinn, Estonia.

“We selected these regions because our deployment model is specifically designed to push our DNS services out to the very edges of the world in places where most other systems will not or cannot deliver excellent service,” said John Todd, Quad9 executive director. “Everyone should be able to enjoy a base level of security, privacy, and performance on the Internet regardless of location or economic circumstances. The focus as we grow our network footprint is to be in every country and every city in which we can deploy our service, regardless of economic weight, population density, or pre-existing network infrastructure.”

DMARC and Email Security

DMARC (Domain-based Message Authentication, Reporting & Compliance) was developed as a collaborative effort to combat fraudulent email by authenticating the sender of an email. GCA created a Setup Guide that enables world-wide adoption of DMARC, an email authentication standard that helps users protect their email domains from spoofers, spammers and phishing attacks.

The guide has been translated into 17 languages and has been used by more than 13,500 organizations in the past six months. In 2016, the U.K. government mandated that all U.K. government domains enable DMARC. The U.S. government followed suit in late 2017 with the issuance of Binding Operational Directive 18-01, requiring all U.S. federal civilian domains to enable DMARC.

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org.

 

###

Influential Industry Leaders Will Help Shape and Expand GCA’s Global Reach


LONDON, May 31, 2018 – The Global Cyber Alliance (GCA) announced today the installation of eight individuals to serve as GCA Ambassadors who will further the nonprofit’s mission of eradicating cyber risk. These individuals were chosen because of their tremendous reputations in the cybersecurity community and their commitment to making a positive difference in addressing cyber challenges. The Ambassadors, who serve one-year terms, are:

Yossi Appleboum, Co-CEO, Sepio Systems

Barry Gooch, Chairman, Prevention of Fraud in Travel (PROFiT)

David Harcourt, Chief Security Advisor, BT

Tony Krzyzewski, Co-founder and Director, SAM for Compliance

Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive, U.S. Bank

Graeme Newman, Chief Innovation Officer, CFC Underwriting Ltd.

Jay Singh, Marketing and Partnerships, Red Sift

Nicola Staub, Prosecutor, Public Prosecutor’s Office, Canton of Schwyz, Switzerland

The Ambassadors come from diverse backgrounds and comprise an international cadre of influential leaders, representing organizations in Israel, New Zealand, Switzerland, the U.K., and the U.S., and spanning several sectors including financial services, law enforcement, technology, telecommunications and travel.

The Ambassadors will help increase the adoption of existing and future GCA tools and solutions, including its DMARC email authentication efforts and Quad9, the DNS security service that protects against malicious websites while preserving privacy. The Ambassadors will serve key roles in facilitating early testing of GCA tools and will assist with public outreach to ensure these resources are globally available. Ambassadors will also support sustainability efforts for the nonprofit, which makes its tools available to everyone, at no cost.

“We are so pleased that these expert individuals have agreed to serve as GCA Ambassadors,” said Andy Bates, GCA executive director for the United Kingdom, Europe, Middle East and Africa. “They will help us expand our reach within the international community and serve a vital role in shaping the future direction of GCA. It is important to a global organisation to have friends who understand local culture.”

“It’s truly an honor to have this group of influential and talented individuals helping us in our efforts to make the Internet a safer and more secure place for all global citizens,” said Maryam Rahmani, GCA global partnership officer. “Their willingness to contribute their time and expertise toward making a positive difference in our collective cybersecurity exemplifies the spirit of collaboration that is the cornerstone of GCA.”

Yossi Appleboum, Co-CEO, Sepio Systems said, “I’m honored to serve as a Global Cyber Alliance Ambassador and have the opportunity to help in build an ecosystem that connects between the GCA, governments and industry for creating a better secured society. I am looking forward to contributing my experience in building robust cybersecurity platforms and promoting them to the current GCA products such as Quad9 and the DMARC Setup Guide and to the future ones.”

Barry Gooch, Chairman, Prevention of Fraud in Travel (PROFiT) said, “We all rely on the internet.  I am humbled to be appointed as a GCA Ambassador, and I truly believe that it is only by working collectively and inclusively across international boundaries and sectors that we can identify and counter malign cyber activity and measure the effectiveness of our work.  GCA’s work in producing accessible and free solutions is exactly what is required for the digital economy to flourish, and we should all support it.”

David Harcourt, Chief Security Advisor, BT said, “I’m proud to have been asked to be a GCA Ambassador and the opportunity it provides to reach further in driving cybersecurity improvements across the industry, making the internet a safer place for everyone as it becomes more fundamental to our day to day lives.”

Tony Krzyzewski, Co-founder and Director of SAM for Compliance said, “I am delighted to be able to take on the role of Ambassador for the Global Cyber Alliance. I believe that the Alliance plays a very important role in helping reduce cybersecurity related risk across the world and, with this Ambassadorship, this presence will be enhanced within the Australasian region.”

Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive at U.S. Bank said, “U.S. Bank is committed to improving the cybersecurity ecosystem. The work that GCA is advancing does just that, from developing tools to simplify DMARC adoption to exploring IoT security.  I am proud to be appointed as a GCA Ambassador.”

Graeme Newman, Chief Innovation Officer, CDC Underwriting said, “The GCA takes a refreshing, pragmatic approach to combating cyber risk – identifying and implementing concrete, measurable actions and soliciting engagement from a variety of industries and geographies. The cyber insurance sector, in particular, has a responsibility to support this mission, and I’m eager to amplify the work the GCA is doing through my role as Ambassador.”

Jay Singh, Marketing and Partnerships, Red Sift said, “The GCA plays a pivotal role in raising awareness and adoption of DMARC globally, and it’s an honour to have been selected as a GCA Ambassador to champion the innovation that underpins the GCA’s solutions and tools. I look forward to working with like-minded information security professionals towards our shared mission of eliminating the cyber challenges faced globally by industries and governments over the coming year.”

Nicola Staub, Prosecutor, Public Prosecutor’s Office, Canton of Schwyz, Switzerland said,  “As a Prosecutor I am doing my best to investigate cyber crimes and bring people to justice who commit them. However, a crime prevented is far better than a crime prosecuted. Supporting the Global Cyber Alliance was therefore a no-brainer: the fight against cyber crimes requires a collective, cross-sector and transnational effort. I am proud to be a part of that.”

About Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at www.globalcyberalliance.org

###

The U.S. government has gotten behind the Domain-based Message Authentication, Reporting & Conformance (DMARC) email authentication standard in full force while the private sector, for once, is playing catch up. Phil Reitinger, president and CEO of the Global Cyber Alliance, spoke with SC Media Executive Editor Teri Robinson about DMARC’s benefits and its trajectory in both the private and public sectors.

You can watch the full video interview here:

For more information about DMARC and how to implement it to better protect your domain, please visit dmarc.globalcyberallaince.org.

Bob Gourley, former Defense Intelligence Agency CTO and Founder and CTO of Crucial Point, LLC, discusses the failure of government IT contractors to incorporate some standard email security measures with Government Matter TV.