Working to Eradicate Global Cyber Risk

The World Economic Forum Global Risk Report 2018 cites cyber risk as one of the top risks we face today and is the number one risk that businesses are concerned about

The rate at which the threats are growing, combined with the rapid expansion of internet-connected devices – expected to reach 20 billion by 2020 – leaves businesses and governments vulnerable to attack. The threat is real.

The Global Cyber Alliance (GCA) is a nonprofit organisation whose mission is to eradicate systemic cyber risk through collection action. Most cybersecurity nonprofits are focused on raising awareness or making policy, but often the results are difficult to see or simply result in a lot of shelf-ware (i.e. more reports). GCA is action-oriented with a mantra of “Do Something. Measure It.” which implicitly is a way of saying “we don’t just talk about cyber.” GCA builds solutions that address serious problems. As a nonprofit, all of GCA’s solutions – actual cybercrime-fighting, systemic risk-reducing solutions – are available for free.

For the past two years, GCA has focused on the risk of phishing. We don’t just talk about making the internet safer – we are making the internet safer. We do this by:

UNITING GLOBAL COMMUNITIES

We must stand as a global community, across sectors and geography, if we are to effectively address cyber risks.

IMPLEMENTING CONCRETE SOLUTIONS

We build concrete solutions that reduce and eradicate cyber risk, and we make those solutions freely available for any organisation or individual to use.

MEASURING THE EFFECT

We are firm believers in measuring effectiveness, because we must measure to know we are doing the right things, and metrics drive action. We need to know what works and what does not.

What We’ve Done

Since our inception in September of 2015, GCA has launched two projects to address the risk of phishing and has created a global partnership from twenty-five (25) countries to deploy these solutions.

DMARC

Domain-based Message Authentication Reporting and Conformance – is a standard made available to the internet in 2010. DMARC allows an organisation to confirm, or authenticate, emails are from who they say they are. DMARC prevents the worst type of phishing: direct domain spoofing. If DMARC is properly implemented, it means only those who are authorized can send email using your organisation’s domain. It creates more trust and confidence in your brand, provides protection against phishing, and ensures better delivery of your email messages.

GCA created a Setup Guide that enables world-wide adoption of DMARC. GCA’s tool is available in eighteen (17) languages and with more to come. GCA has also embarked on a campaign to drive DMARC deployment by the private sector and government. The U.K. government has been a leader in government adoption, being the first to declare that all U.K. government domains have DMARC in place. In October of 2017, the U.S. government followed suit and has mandated DMARC implementation across all federal civilian agencies. The global financial sector has begun adopting DMARC, and the U.S. healthcare system has been advocating for the adoption of DMARC as well.

Learn more about DMARC at dmarc.globalcyberalliance.org.

QUAD9

Quad9 is a free security solution that uses DNS to protect systems against the most common cyber threats. GCA led the development of Quad9 in collaboration with Packet Clearing House (PCH) and IBM, along with contributions from multiple threat intelligence providers around the world. Since its public launch in November 2017, the service has spread globally to more than 150 countries and blocks access to millions of malicious websites every day. The service is used by individuals, businesses and governments.

How does Quad9 work? Quad9 leverages the power of the DNS to block malicious websites. DNS is like the “phone book” of the internet; it translates addresses like www.anydomain.com to an IP address which often looks like 192.168.0.1. All browsers and anything which uses a web name always uses DNS. All we have done is take some of the existing DNS infrastructure within the internet and have “inoculated” it against websites which contain viruses, malware or are known cybercrime sites.

This is not censorship or content filtering as the user is free to browse content of their choosing or inclination. It is security protection, only blocking access to those sites that have been identified as malicious (such as phishing, poisoned domains, malicious URLs).

Learn more about Quad9 at Quad9.net.