phishing

Category

Posts

GCA Press Release

NEW YORK, April 3, 2017 – Trust, from both customers and investors, is the most important currency for financial services companies. A breach of trust can break a bank, while maintaining trust leads to long-term success. At its core, financial services customers expect their banking institutions to protect their money and their information. And it starts with the most basic of 21st century communications – email.

So how are the globe’s leading financial institutions doing?

The good news is that the five largest banks in the U.S. are deploying the Domain-based Message Authentication, Reporting & Conformance (DMARC) email security protocol to prevent their brands from being hijacked and protect consumers from data theft, according to a new study from the Global Cyber Alliance (GCA).

However, there is still much more work to be done.

Only 11 of the top 50 U.S. banks and just 9 of the 50 largest European banks have deployed DMARC to block spoofed emails or have them marked as spam.  Further, NONE of the 50 fastest growing independent banks in the U.S. use DMARC at all. An additional 22 banks out of the top 50 in the U.S. and 10 out of the top 50 in Europe have not fully deployed DMARC, preventing those organizations from gaining the benefits of DMARC. Reasons for this can vary, including that a bank is only beginning the process of DMARC implementation.

“We have tested and used DMARC in monitoring mode and are moving into “reject” mode to protect the more than 60 million emails we distribute monthly,” said Troels Oerting, Group Chief Security Officer, Group CISO for Barclays Plc. “We need more companies to deploy DMARC to strengthen the ecosystem.  I call on my peers across the financial sector and other industries to implement DMARC as part of email security and anti-phishing efforts.”

Banks that deploy DMARC can stop spammers and phishers from using an organization’s name to trick unsuspecting customers and conduct cyber attacks. DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide.

“At U.S. Bank, we work to earn the trust of customers every day,” said Jenny Menna, Senior Vice President and Cybersecurity Partnership Executive at U.S. Bank. “U.S. Bank utilizes DMARC, and I always recommend that our clients consider implementing DMARC to protect their brand and their clients.”

“DMARC is a critical protection against spear-phishing emails and other email-born phishing attacks,” said Freddy Dezeure, head of the Computer Emergency Response Team for the European Union (CERT-EU). “We strongly recommend that every organization implement it to protect their businesses, employees and customers.”

“DMARC prevents the hijacking of a company’s brand, protecting its reputation and its relationships with customers and investors,” said Philip Reitinger, President and CEO of GCA. “DMARC is proven, and it is free. Deployment is quite simple for many small and medium-size organizations, and reasonable for large organizations especially given the significant return on investment. If a customer can’t trust your email correspondence, they will be looking elsewhere rather quickly.”

GCA now offers a DMARC Setup Guide that will take network security professionals step-by-step through the entire DMARC installation process at https://dmarc.globalcyberalliance.org.

 

About The Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.

GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.

CyberScoop logo
GCA Press Release

The Hague, the Netherlands

Today, Europol and the Global Cyber Alliance (GCA) signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber risk and improving internet security throughout Europe and beyond. The signing ceremony took place at Europol’s headquarters in The Hague.

As part of the MoU, Europol and GCA will fight cybercrime through the exchange of information on cybercrime trends and joint international projects to increase cybersecurity.

To this end, the two organisations will partner to offer best practice recommendations that help organisations secure their networks and domains through the Internet Immunity project. Europol and GCA will initially focus on improving adoption of the DMARC email validation policies, a vital tool that enables organisations to authenticate email and prevent spoofed and fraudulent email.

Additionally, as part of the common efforts in the fight against cybercrime, GCA has agreed to sign up as a supporting partner of the No More Ransom project. Due to continuous interest from public and private sectors, a third enlargement of the No More Ransom project is expected to be announced in the coming weeks.

During today’s meeting, Europol’s European Cybercrime Centre (EC3) delivered presentations on key developments and the challenges ahead in the area of cybercrime.

Regarding the newly-established MoU with GCA, Europol Director Rob Wainwright highlighted: “Cybercrime and cybersecurity are cross-cutting issues, and key tools must be developed to keep cybercriminals at bay. This is all the more important considering that other crime areas, like for instance terrorism and human trafficking, are becoming increasingly cyber-facilitated. Therefore, establishing MoUs with organisations such as GCA, designed to confront, address, and prevent malicious cyber activity, is in line with the priorities described in Europol’s 2016 Internet Organised Crime Threat Assessment (IOCTA).”

“We are bombarded with news reports of cyber attacks and breaches that compromise sensitive information or impair the operations of critical services or infrastructure, but greater awareness of the problem has not led to greater security,” said Phil Reitinger, President and CEO of the Global Cyber Alliance. “Cooperative relationships focused on outcomes, such as the one we are forging here today, will reduce systemic cyber risk in Europe and around the globe.”

“Given the importance of cybersecurity to citizens and institutions around the world, today’s announcement of the formal partnership between Europol and the Global Cyber Alliance (GCA) is a critical development,” said Manhattan District Attorney Cyrus R. Vance Jr. “The partnership marks an opportunity for GCA to collaborate with European cyber experts and for members of Europol to learn about GCA and its innovative tools. As part of its core mission to reduce cyber vulnerability worldwide, GCA recently announced the release of powerful tools designed to combat phishing attacks and other cyber threats. These tools are free and available to organisations of any size, and it is my hope that through this partnership, others will be encouraged to develop and implement practical safeguards against malicious cyber activity. As a co-founder of GCA, I wish to thank Europol and Director Wainwright for their leadership and to congratulate GCA on this significant achievement.”

“Organisations and law enforcement need to take a page from our approach — by sharing knowledge, methodologies, tools, and best practices,” said Troels Oerting, Global Cyber Alliance Board Chairman and Barclays Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO). “GCA’s partnership with Europol will strengthen our ability to work cooperatively across sectors and around the world to eliminate systemic risks to our cybersecurity.”