Global Cyber Alliance wants tougher protection for business, government email
SAN FRANCISCO Feb. 14, 2017 – There is a fix that can prevent a great amount of email-born attacks on consumers and businesses. Unfortunately, the vast majority of public and private organizations globally, including leading cybersecurity companies, have not deployed DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using an organization’s name to conduct cyber attacks, according to new research from the Global Cyber Alliance (GCA).
DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remains low.
The UK Government’s guidance for government agencies directs them to implement DMARC[i] but as of December 2016 only five percent of UK public sector domains[ii] had done so. A mere 16 percent of the healthcare sector has adopted DMARC.
The latest research from GCA, an international cross-sector organization dedicated to confronting systemic cyber risk, finds that adoption remains low in the cybersecurity industry as well.
Only 15 percent of the 587 email domains (that were scanned) for companies exhibiting at the RSA Conference -- one of the world’s largest gatherings of cybersecurity experts -- use DMARC. Of the 90 RSA exhibiting organizations that do use DMARC, more than 66 percent use the DMARC policy of “none,” which only monitors for email domains, greatly reducing the effectiveness of DMARC.
It is time for the cybersecurity industry to lead the charge and push for DMARC use across the globe. GCA strongly advocates that organizations implement DMARC and has developed a free DMARC Setup Guide to make DMARC implementation easier (https://dmarc.globalcyberalliance.org/).
The value of correctly implementing DMARC is clear as studiesiii have shown that organizations that use DMARC correctly receive just 23 percent of the email threats that those who do not use DMARC.
“As world leaders in cybersecurity, we can do better. DMARC protects brands and preserves consumer confidence. While no security effort is cost-free, clear guidance and tools, such as the GCA DMARC Setup Guide, make DMARC implementation practical, and the benefits are considerable. DMARC is one of the cybersecurity protocols that can broadly reduce risk, and the more it is implemented, the more protection if offers for everyone,” said Philip Reitinger, President and CEO of GCA. “I’m placing a stake in the ground and calling on the cybersecurity industry to lead the adoption of DMARC, with a goal that 50 percent of the companies that exhibit at the 2018 RSA Conference implement DMARC prior to the conference, and that 90 percent implement prior to the 2019 RSA Conference. Working together the cybersecurity industry can be a role model and make a difference.”
About The Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measureable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.
GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org.