Home Emergency Management News New Global Cyber Alliance Identifies Phishing as Top Cyber Security Risk

New Global Cyber Alliance Identifies Phishing as Top Cyber Security Risk


New Alliance Identifies Cyber Threats

At their first Strategic Advisory Committee (SAC) meeting held March 18th, the new Global Cyber Alliance (GCA) identified the four top cyber security risks that affect businesses and individuals across the world.

Phishing topped the list, but other significant vulnerabilities and threats included:

  • Identity and authentication mechanisms that are inherently weak
  • Websites that are compromised or vulnerable
  • Distributed Denial of Service (DDoS) attacks

Phishing is Top Systemic Risk

The new alliance believes that phishing is the highest risk, and chose to address this threat first. According to a recent report from the GCA, two effective solutions were chosen for implementation: using the DMARC protocol to limit spoofing of email, and encouraging the use of secure DNS practices to help minimize "the effect of phishing and other attacks."

"Phishing is a priority for everyone, and there are many groups that are working on phishing, ... GCA will work in partnership with these organizations to tackle the problem ... so that we all may accelerate eradication of phishing as a systemic cyber risk." - GCA President and CEO, Philip Reitinger

Email Spoofing is a Concern

The implemented measures should also help spear-phishing (email 'spoofing') -- a targeted email towards an individual, business, or organization (public or private) that appears to be from an individual or company known and communicated with, but it is not. Spoofed emails can even appear to come from one's own company. Cyber criminals use this method to gain access to confidential emails, steal private information, and/or install malware.

The FBI has warned of such attacks, and the instances of these phishing/spear-phishing attacks increased 55 percent in 2015, according to a public announcement by the agency. They also urged companies and individuals to increase protective measures for their networks, including two-factor authentication.

The GCA also identified weak authentication mechanisms as vulnerabilities in networks, its second issue to be undertaken.

GCA: Three Partners, One Alliance

The GCA, a counter-cyber crime alliance, is comprised of three founding partners, the New York County District Attorney's Office, Center for Internet Security, and the City of London Police. GCA was formed in January of 2016 as a cross-sector (public/private), international effort to address global cyber risks.

The Alliance seeks to do more than identify risks; its main goals are:

  • Universal risk identification
  • Identify and implement solutions for identified risks
  • Ensure measurable mitigation efforts exist for identified threats
  • Implement solutions, monitor progress of efforts, and ensure positive impact

The alliance makes concerted efforts to take action to address cyber-security threats the organization believes it can make positive, measurable progress against.

This may be exactly the type of organization needed today to address many of the current and increasingly sophisticated challenges to cyber security.

Kimberly Arsenault Kimberly Arsenault serves as an intern at the Cleveland/Bradley County Emergency Management Agency where she works on plan revisions and special projects. Previously, Kimberly spent 15 years in commercial and business aviation. Her positions included station manager at the former Midwest Express Airlines, as well as corporate flight attendant, inflight manager, and charter flight coordinator. Kimberly currently holds a master's degree in emergency and disaster management from American Public University.