NEW YORK, April 3, 2017 – Trust, from both customers and investors, is the most important currency for financial services companies. A breach of trust can break a bank, while maintaining trust leads to long-term success. At its core, financial services customers expect their banking institutions to protect their money and their information. And it starts with the most basic of 21st century communications – email.
So how are the globe’s leading financial institutions doing?
The good news is that the five largest banks in the U.S. are deploying the Domain-based Message Authentication, Reporting & Conformance (DMARC) email security protocol to prevent their brands from being hijacked and protect consumers from data theft, according to a new study from the Global Cyber Alliance (GCA).
However, there is still much more work to be done.
Only 11 of the top 50 U.S. banks and just 9 of the 50 largest European banks have deployed DMARC to block spoofed emails or have them marked as spam. Further, NONE of the 50 fastest growing independent banks in the U.S. use DMARC at all. An additional 22 banks out of the top 50 in the U.S. and 10 out of the top 50 in Europe have not fully deployed DMARC, preventing those organizations from gaining the benefits of DMARC. Reasons for this can vary, including that a bank is only beginning the process of DMARC implementation.
“We have tested and used DMARC in monitoring mode and are moving into “reject” mode to protect the more than 60 million emails we distribute monthly,” said Troels Oerting, Group Chief Security Officer, Group CISO for Barclays Plc. “We need more companies to deploy DMARC to strengthen the ecosystem. I call on my peers across the financial sector and other industries to implement DMARC as part of email security and anti-phishing efforts.”
Banks that deploy DMARC can stop spammers and phishers from using an organization’s name to trick unsuspecting customers and conduct cyber attacks. DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide.
“At U.S. Bank, we work to earn the trust of customers every day,” said Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive at U.S. Bank. “U.S. Bank utilizes DMARC, and I always recommend that our clients consider implementing DMARC to protect their brand and their clients.”
“DMARC is a critical protection against spear-phishing emails and other email-born phishing attacks,” said Freddy Dezeure, head of the Computer Emergency Response Team for the European Union (CERT-EU). “We strongly recommend that every organization implement it to protect their businesses, employees and customers.”
“DMARC prevents the hijacking of a company’s brand, protecting its reputation and its relationships with customers and investors,” said Philip Reitinger, President and CEO of GCA. “DMARC is proven, and it is free. Deployment is quite simple for many small and medium-size organizations, and reasonable for large organizations especially given the significant return on investment. If a customer can’t trust your email correspondence, they will be looking elsewhere rather quickly.”
GCA now offers a DMARC Setup Guide that will take network security professionals step-by-step through the entire DMARC installation process at https://dmarc.globalcyberalliance.org.
About The Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.
GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.