U.S. Government to mandate DMARC
This morning, news broke that the US Government has moved to mandate the use of DMARC to protect organisations and the public from emails being sent by fraudsters. The move follows the UK’s Government Digital Services Agency (GDS), which mandated that all UK government departments adopt DMARC at a full “p=reject” policy by 1st October 2016.
Whilst email is inherently insecure as a platform, DMARC has been widely acknowledged as the solution to the email fraud problem. DMARC enhances the pre-existing open standards SPF and DKIM by providing control, visibility and governance for an organisation’s sending domains.
The open letter published yesterday regarding the US Government’s move to mandate DMARC states:
“[DMARC], if enabled, would make it significantly harder for fraudsters and foreign governments to impersonate federal agencies. The threat posed by criminals and foreign governments impersonating U.S. government agencies is real.”
Major global organisations, such as Microsoft, Google, Apple, Facebook and 6 of the top 10 U.S. Banks have already deployed DMARC using the Agari Email Trust Platform. Locally, the Australian Department of Human Services earlier this year led the way by implementing Agari to protect the Australian public from fake Centrelink and Medicare scams that had been on the rise.
CEO of Australian Agari partner, InfoTrust, spoke of the trend:
“For years, organisations have tried and failed to deploy other protocols to lock down their domains. The problem has been visibility. DMARC has been a game changer – it’s been like turning a light on in a dark room.”
“For the first time, organisations get visibility into who is sending from their domains which enables confidence to lock down the domain with a “reject” policy without fear of business impacting loss of good email”.
CEO of Agari, said:
“Phishing, spear phishing and new Business Email Compromise (BEC) attacks use email to pose as government organisations or trusted brands and target the most vulnerable part of our defences: the human brain. In 95% of security breaches, cybercriminals use deceptive emails that trick users as the entry point into the organisation. The constant barrage of deceptive emails undermines trust in digital business and commerce, limiting growth. We have the technology and the open standards to eradicate phishing from Australia and around the world. It is incumbent on governments to lead by setting standards for cybersecurity and partner with private industry to achieve 100% adoption of DMARC. We are excited to have InfoTrust, with their extensive email security expertise, leading this effort in Australia using Agari.”
Earlier this year InfoTrust research of the Australian market found that very few organisations had deployed DMARC. In fact, only one ASX50 company has DMARC correctly configured with a reject policy.
Overseas the story is very different: the proactive approach taken by the UK government has led both the public and private sectors to adopt these controls to protect themselves and their customers.
“Locally, awareness is still low about DMARC. Many organisations are looking at SPF which has a number of inherent issues as explained in our blog which reduces its effectiveness. InfoTrust is working hard to raise awareness and help solve the exponential email fraud problem”.