We’re just a few short months away from the EU General Data Protection Regulation (GDPR) coming into law on May 25th, promising an unprecedented shake up of the way businesses manage and secure data. Any organization that collects or processes data relating to EU citizens is likely to fall under the regulation, making it a priority for any company with a global scope. Some organizations are...

On Friday 12th May last year, a global ransomware attack, aptly named WannaCry, infected over 200,000 computers in at least 100 countries. It began with an email at roughly 8:30am London time. By midday, employees at Spain’s mobile operating giant Telefónica were being shut out of their work terminals and in the UK, emergency services were being pulled and hospital facilities were being shut down....

According to a public service announcement issued by the FBI, college students across the United States continue to be targeted in a common email phishing scam that lures students in with the promise of employment.It works like this: email Scammers advertise phony job opportunities on college employment websites or students receive emails on their student accounts recruiting them for fictitious...

In this final post of the DMARC series we’ll discuss the latest crypto updates to DKIM known as the DKIM Crypto Update (DCRUP) to strengthen DKIM. Picking the LockWhile DKIM has been around for many years as one of the foundations of DMARC, weaknesses in the security of its signatures have limited its effectiveness. The DCRUP Working Group was created to update DKIM to handle more modern...

As we mentioned in the first post of this series, with the arrival of ARC, one of the biggest blockers to DMARC adoption up to now has been the inability to use it with mailing lists or forwarders. This limitation existed because messages delivered through 3rd party handlers would not pass DKIM or SPF (or both). This meant that in the past one either didn’t enforce DMARC or suffered the...

Recent research conducted by Agari showed that Business Email Compromise (BEC) attacks are running rampant with 96% of organizations experiencing an attack during the second half of 2017. To compile the report, Agari analyzed over 1 billion emails that were considered safe by conventional security technologies. Our analysis showed that BEC was one of the predominant methods used by cyber criminals...

The first deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01 has passed and 63 percent of federal agencies have deployed DMARC, up from 18% when the directive was announced three months ago. BOD 18-01 was announced by DHS Assistant Secretary of Cybersecurity and Communications Jeanette Manfra on October 14, 2017. The mandate requires federal domains to...

The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive. The first of those milestones (due on November 15th, 2017) is to create an Agency Plan of Action for BOD 18-01 outlining how the agency would implement the requirements of the directive and meet its deadlines...

If you are in the email business, the big story today is Mailsploit, a collection of email client bugs that threatens to undermine DMARC and render Secure Email Gateways (SEGs) obsolete. In other words, the end of the world is upon us, and we should all go back to using smoke signals or march forward and find a replacement for email. Before we all become tinfoil milliners, let’s take a step back...

Are you ready for Binding Operational Directive 18-01? On October 16, 2017, the Department of Homeland Security (DHS) issued this directive in order to implement better security protocols on government emails. The DHS BOD 18-01 is a compulsory directive to all federal departments and agencies. Among the measures mandated in BOD 18-01 is a requirement that federal agencies adopt Domain-based...

Our latest research reveals that the extended enterprise (employees, customers, suppliers, and ex-employees) is responsible for 74% of cyber incidents.