New Global Cyber Alliance Identifies Phishing as Top Cyber Security Risk
New Alliance Identifies Cyber Threats
At their first Strategic Advisory Committee (SAC) meeting held March 18th, the new Global Cyber Alliance (GCA) identified the four top cyber security risks that affect businesses and individuals across the world.
Phishing topped the list, but other significant vulnerabilities and threats included:
- Identity and authentication mechanisms that are inherently weak
- Websites that are compromised or vulnerable
- Distributed Denial of Service (DDoS) attacks
Phishing is Top Systemic Risk
The new alliance believes that phishing is the highest risk, and chose to address this threat first. According to a recent report from the GCA, two effective solutions were chosen for implementation: using the DMARC protocol to limit spoofing of email, and encouraging the use of secure DNS practices to help minimize "the effect of phishing and other attacks."
"Phishing is a priority for everyone, and there are many groups that are working on phishing, ... GCA will work in partnership with these organizations to tackle the problem ... so that we all may accelerate eradication of phishing as a systemic cyber risk." - GCA President and CEO, Philip Reitinger
Email Spoofing is a Concern
The implemented measures should also help spear-phishing (email 'spoofing') -- a targeted email towards an individual, business, or organization (public or private) that appears to be from an individual or company known and communicated with, but it is not. Spoofed emails can even appear to come from one's own company. Cyber criminals use this method to gain access to confidential emails, steal private information, and/or install malware.
The FBI has warned of such attacks, and the instances of these phishing/spear-phishing attacks increased 55 percent in 2015, according to a public announcement by the agency. They also urged companies and individuals to increase protective measures for their networks, including two-factor authentication.
The GCA also identified weak authentication mechanisms as vulnerabilities in networks, its second issue to be undertaken.
GCA: Three Partners, One Alliance
The GCA, a counter-cyber crime alliance, is comprised of three founding partners, the New York County District Attorney's Office, Center for Internet Security, and the City of London Police. GCA was formed in January of 2016 as a cross-sector (public/private), international effort to address global cyber risks.
The Alliance seeks to do more than identify risks; its main goals are:
- Universal risk identification
- Identify and implement solutions for identified risks
- Ensure measurable mitigation efforts exist for identified threats
- Implement solutions, monitor progress of efforts, and ensure positive impact
The alliance makes concerted efforts to take action to address cyber-security threats the organization believes it can make positive, measurable progress against.
This may be exactly the type of organization needed today to address many of the current and increasingly sophisticated challenges to cyber security.