Government Security News February 2017 Digital Edition
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Expansion of DMARC is critical to reducing spread of<br />
malicious emails, says Global Cyber Alliance, calling on<br />
leading Cyber companies to improve email protections<br />
SAN FRANCISCO, CA – <strong>February</strong><br />
14, <strong>2017</strong> – There is a fix that can prevent<br />
a great amount of email-born<br />
attacks on consumers and businesses.<br />
Unfortunately, the vast majority<br />
of public and private organizations<br />
globally, including leading<br />
cybersecurity companies, have not<br />
deployed DMARC (Domain-based<br />
Message Authentication, Reporting<br />
& Conformance) to prevent<br />
spammers and phishers from<br />
using an organization’s name to<br />
conduct cyber attacks, according<br />
to new research from the Global<br />
Cyber Alliance (GCA).<br />
DMARC provides insight into<br />
any attempts to spam, phish or<br />
spear-phish using an organization’s<br />
brand or name. DMARC is supported<br />
by 85 percent of consumer<br />
email inboxes in the United States<br />
(including Gmail, Yahoo, Microsoft,<br />
etc.) and more than 2.5 billion<br />
email inboxes worldwide. However,<br />
DMARC adoption rates among enterprises<br />
and government remains<br />
low.<br />
The UK <strong>Government</strong>’s guidance<br />
for government agencies directs<br />
them to implement DMARC but<br />
as of December 2016 only five percent<br />
of UK public sector domains<br />
had done so. A mere 16 percent of<br />
the healthcare sector has adopted<br />
DMARC.<br />
The latest research from GCA, an<br />
international cross-sector organization<br />
dedicated to confronting systemic<br />
cyber risk, finds that adoption<br />
remains low in the cybersecurity industry<br />
as well.<br />
Only 15 percent of the 587 email<br />
domains (that were scanned) for<br />
companies exhibiting at the RSA<br />
Conference -- one of the world’s<br />
largest gatherings of cybersecurity<br />
experts -- use DMARC. Of the<br />
90 RSA exhibiting organizations<br />
that do use DMARC, more than<br />
66 percent use the DMARC policy<br />
of “none,” which only monitors for<br />
email domains, greatly reducing the<br />
effectiveness of DMARC.<br />
36<br />
It is time for the cybersecurity industry<br />
to lead the charge and push<br />
for DMARC use across the globe.<br />
GCA strongly advocates that organizations<br />
implement DMARC and<br />
has developed a free DMARC Setup<br />
Guide to make DMARC implementation<br />
easier (https://dmarc.globalcyberalliance.org/).<br />
The value of correctly implementing<br />
DMARC is clear as studiesiii<br />
have shown that organizations<br />
that use DMARC correctly receive<br />
just 23 percent of the email<br />
threats that those who do not<br />
use DMARC.<br />
“As world leaders in cybersecurity,<br />
we can do better. DMARC protects<br />
brands and preserves consumer<br />
confidence. While no security effort<br />
is cost-free, clear guidance and<br />
tools, such as the GCA DMARC<br />
Setup Guide, make DMARC implementation<br />
practical, and the benefits<br />
are considerable. DMARC is<br />
one of the cybersecurity protocols<br />
that can broadly reduce risk, and the<br />
more it is implemented, the more<br />
protection if offers for everyone,”<br />
said Philip Reitinger, President and