According to an article that ran in The Guardian, in 2012 United Kingdom topped the global list of nationstargeted by phishing scams. More recently, Financial Fraud Action UK found that the number of phishing victims in the UK rose by 21 percent in a year translating to total losses in the range of $225.4 billion/£174.4 million. It’s no wonder then that Britain’s Government Digital Service (GDS) has announced that all agencies using the sub-domain “service.gov.uk” must encrypt email communication between central government organizations and accounts outside the Public Service Network (PSN).
Further, the GDS has deemed that all government organizations will need to adhere to a new authentication protocol known as DMARC (Domain-based Authentication Reporting and Conformance) that enables email senders to verify legitimate messages and exchange information about how to handle unauthenticated messages (monitor, quarantine or delete). In fact, the GDS has stated that by Oct. 1. 2016, all agencies must set the DMARC policy to the highest level (reject = p), thereby ensuring that only authenticated messages get through to people’s inboxes.
Each year more than 100 billion spam emails are sent around the world, many of them part of large-scale phishing attacks that attempt to trick recipients into either entering sensitive information into a fraudulent website or downloading malware onto their computer. These phishing attacks lead to more than $1.8 billion/£1.4 billion in losses a year.
A strong email authentication system is one of the most effective means of ensuring that recipients are reading messages only from the intended sender and not someone spoofing a legitimate organization. The UK government’s implementation of DMARC means that cybercriminals will no longer be able to spoof the service.gov.uk domain, a tremendous boon to government agencies and citizens alike. Restoring trust in email communications is paramount for legitimate organizations, and other governments and enterprises would be well advised to follow in the UK’s footsteps.
DMARC Compass makes compliance easy
Luckily, it doesn’t have to be difficult to ensure that your organization is DMARC compliant. Easy Solutions’ DMARC Compass email authentication solution makes adopting these new standards a breeze. With DMARC Compass, enterprises can quickly identify and shut down phishing attacks in a targeted manner. Additionally, organizations can increase their visibility over authorized e-mail campaigns, and ensure third-party organizations sending e-mails on their behalf are accounted for.
DMARC Compass enables organizations to view analytics on all sent emails associated with a domain; identify email configuration errors, missing authentication, and unauthorized third-party senders; and reduce attack takedown times through proactive identification of new threats. And, with DMARC Compass phishers and spammers are denied the ability to spoof an organization’s domain. IT is able to proactively detect 76 percent of fraud attacks and remove phishing sites in 3.6 hours (compared to the industry average of 23 hours).
What’s more, Easy Solutions is the only email authentication supplier on G-Cloud, the UK’s procurement framework that streamlines the way in which public sector entities purchase cloud-based services. Because the UK government has already endorsed (and encourages) the use of G-Cloud among government employees, the purchase and subsequent implementation of DMARC Compass is an efficient means of compliance.
Phishing continues to increase in severity, a fact that lends further credence to the need for enterprises and government entities to embrace strong email authentication solutions. Solutions such as DMARC Compass provide users with real-time visibility into the full spectrum of web threats, allowing organizations to move quickly to stop fraud in its tracks once it’s been detected. As more governments follow in the UK’s footsteps, fraudsters, increasingly, will be on the run.