New Global Alliance Ranks Phishing as Top Cyber Risk for 2016

September 9, 2016

Law enforcement agencies and government representatives from the UK and the U.S. have formed an alliance to help combat cybercrime. The Global Cyber Alliance (GCA) was founded at the beginning of this year, and after a meeting of its Strategic Advisory Committee (SAC), it determined that the top cyber risk is phishing.

While there are certainly other risks in the cyber world, and possibly some that pose more risk from a technical point of view, a possible reason they chose phishing is that most people at home don’t have the benefit of anti-phishing training. In addition, phishing doesn’t just hit those who work in an office; inboxes at home are filled with phishing email too. Therefore, the GCA is taking steps to help in that area.

They plan to do this by promoting the use of the DMARC protocol and of secure DNS practices. DMARC (Domain-based Message Authentication, Reporting & Conformance) lets senders indicate that their messages are protected by a specific type of authentication. It also lets the receiver decide what to do if a message does not pass that authentication, such as toss it to junk or reject it completely. Using more secure DNS practices will help prevent spear-phishing attacks, which increased 55% last year and contributed to losses of $3 billion to wire fraud scams against businesses (also called business email compromise).

Employees should be made the final line of defense against cybercrime. Training on how to identify phishing should be part of every organization’s security strategy. It’s not enough to implement technical barriers and expect them to do the job 100% of the time. Employees must be trained to recognize phishing, and if something makes it into their inboxes, there should be a well-defined procedure for letting the security team know about it so they can react accordingly.

The GCA also ranked weak identity authentication mechanisms, risks from vulnerable and compromised websites, and DDoS (Distributed Denial of Service) attacks at the top of the list.

© Copyright 2016 Stickley on Security