The Global Cyber Alliance continues to coordinate smart guidance, tips and approaches for improving security posture. It is an international, cross-sector organization designed to confront, address, and prevent malicious cyber activity, and it is led by the gracious and sociable cyber champion Phil Reitinger.
The Alliance's most recent report is titled “Top Federal IT Contractors Leave Emails Vulnerable to Phishing, Spoofing.” It is the result of a study of how the top federal contractors use an email authentication protocol called DMARC (Domain-based Message Authentication, Reporting and Conformance). DMARC is a widely accepted set of configurations and protocols that helps organizations make sure their domains are not being spoofed by bad guys. Setting up DMARC is pretty easy, and once it is in place it is harder for your domain to be used in phishing attacks against others, and a little easier to protect your own employees from some kinds of tricks.
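To make the DMARC configuration concrete, here is an added example (not taken from the report or from this post) that grades the TXT records a domain publishes at `_dmarc.<domain>`, following the record syntax in RFC 7489. The grade names, function names and sample domains are assumptions made for illustration, and the records are constructed.

```python
# Added example: grade DMARC TXT records by the spoofing protection they give.
# Category names are this example's own; sample domains/records are constructed.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = []
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:  # parts without "=" are ignored
            tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def classify(txt_records):
    """Grade the TXT records published at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"        # nothing tells receivers to check this domain
    if len(records) > 1:
        return "invalid"        # more than one DMARC record: none is applied
    rec = records[0]
    policy = rec.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"        # no usable policy, so nothing is enforced
    if policy == "none":
        return "monitor-only"   # reports are sent, spoofed mail is still delivered
    try:
        pct = int(rec.get("pct", "100"))
    except ValueError:
        pct = 100               # unparsable pct falls back to the default
    if not 0 <= pct <= 100:
        pct = 100
    return "enforced" if pct == 100 else "partial"

# Constructed sample: domain -> TXT strings found at _dmarc.<domain>
SAMPLES = {
    "contractor-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@contractor-a.example"],
    "contractor-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@contractor-b.example"],
    "contractor-c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "contractor-d.example": ["v=spf1 -all"],
    "contractor-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def survey(samples):
    return {domain: classify(txts) for domain, txts in samples.items()}

if __name__ == "__main__":
    for domain, grade in survey(SAMPLES).items():
        print(f"{domain:24} {grade}")
```

Only the "enforced" grade means receivers are asked to quarantine or reject all mail that fails authentication for the domain; "monitor-only" and "partial" still leave some spoofed mail deliverable.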
With the release of their new report, Bob Gourley of Crucial Point was asked by Government Matters TV to provide some context on the report.
For more see the video at this link and below:
The video also provides some context on suggestions of a consolidation of DoD IT and on lessons from the RSA conference, and mentions the Cloud Security Alliance.