Top Security Firms at Black Hat USA Left Vulnerable to Phishing Attacks

July 26, 2017

Adoption of Proven Front-Line Defense Against Phishing Remains Low


LAS VEGAS, July 26, 2017 – The world’s leading security firms exhibiting at Black Hat USA 2017 have a long way to go toward adopting DMARC, the email authentication standard that can greatly reduce phishing attacks and hackers’ ability to hijack domains for ransomware attacks.

The clear majority of exhibitors selling their cybersecurity products and expertise at Black Hat have not deployed DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using an organization’s name to conduct cyber attacks, according to new research from the Global Cyber Alliance (GCA).

Just 18 of 268 Black Hat exhibitors use the two highest DMARC policy levels, quarantine and reject. Another 54 have begun deploying DMARC but remain at the lowest level, which only monitors for malicious email; questionable messages are still delivered to the inbox. More than 73 percent of Black Hat exhibitors have not deployed DMARC at all.

Studies have shown that organizations that use DMARC correctly receive just 23 percent as many email threats as those that do not use DMARC.

DMARC provides insight into any attempts to spam or phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remain low.

Just last week, Senator Ron Wyden (D-OR) implored the U.S. Department of Homeland Security (DHS) to mandate the government-wide use of DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.” Last year, the United Kingdom directed all government agencies to deploy DMARC.

The latest research from GCA, an international cross-sector organization dedicated to confronting systemic cyber risk, finds that adoption remains low in the cybersecurity industry as well.

Black Hat exhibitors are not alone. Only 15 percent of the 587 scanned email domains belonging to companies exhibiting at February’s RSA Conference — one of the world’s largest gatherings of cybersecurity experts — use DMARC. Of the 111 RSA exhibitors that do use DMARC, more than 70 percent use the policy “none,” which only monitors for malicious email and greatly reduces DMARC’s effectiveness.
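The three buckets used in the Black Hat and RSA figures above (enforcing quarantine/reject, monitor-only "none", and no DMARC at all) come straight from each domain's DMARC TXT record. The script below is an added example, not GCA's survey tooling: it parses such records and tallies domains per policy level. It assumes the `_dmarc.<domain>` TXT record has already been fetched; the sample records are constructed for fictional domains.

```python
# Added example, not GCA's survey tooling; assumes the _dmarc.<domain> TXT
# record was already fetched. Sample records below are constructed.
from typing import Dict, Optional

ENFORCING = ("quarantine", "reject")  # the two levels that act on spoofed mail

def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Split 'tag=value; tag=value' into a dict; None if not a DMARC record."""
    if not txt.strip().lower().startswith("v=dmarc1"):  # RFC 7489: v tag first
        return None
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt: Optional[str]) -> str:
    """Return 'reject', 'quarantine', 'none' or 'no DMARC' for one record."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no DMARC"
    policy = tags.get("p", "").lower()
    if policy in ENFORCING or policy == "none":
        return policy
    # RFC 7489 6.6.3: no valid p tag but a rua reporting address -> treat as
    # p=none; with neither, receivers apply no DMARC processing at all.
    return "none" if tags.get("rua", "").startswith("mailto:") else "no DMARC"

def survey(records: Dict[str, Optional[str]]) -> Dict[str, int]:
    """Tally domains per policy level, the way the survey reports them."""
    counts = {"reject": 0, "quarantine": 0, "none": 0, "no DMARC": 0}
    for txt in records.values():
        counts[classify(txt)] += 1
    return counts

# Constructed records for five fictional exhibitor domains.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "vendor-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example",
    "vendor-b.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:d@vendor-b.example",
    "vendor-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@vendor-c.example",
    "vendor-d.example": None,  # no _dmarc TXT record published
    "vendor-e.example": "v=spf1 include:_spf.vendor-e.example -all",  # SPF only
}

if __name__ == "__main__":
    print(survey(SAMPLE_RECORDS))  # {'reject': 1, 'quarantine': 1, 'none': 1, 'no DMARC': 2}
```

Note that a `pct` below 100, as on vendor-b, applies the enforcing policy to only a fraction of failing mail, so a domain counted as "quarantine" may still let some spoofed messages through.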

It is time for the cybersecurity industry to lead the charge and push for DMARC use across the globe. GCA strongly advocates that organizations implement DMARC and has developed a free DMARC Setup Guide to make DMARC implementation easier (https://dmarc.globalcyberalliance.org/).

Implementing DMARC can be a challenge. However, in addition to the DMARC Setup Guide, GCA has created several resources and video training materials for companies ranging in size from small startups to large multi-nationals.

“The cyber industry should lead in deployment of solutions. We need to do more than talk the talk; we have to walk the walk,” said Philip Reitinger, President and CEO of GCA. “DMARC works. It reinforces trusted relationships with partners, customers and employees. Collectively, we must focus on implementing solutions. If we lead the way, we know others will follow.”


About The Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.

GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security. Learn more at globalcyberalliance.org.