Only around a quarter of United Kingdom government agencies' gov.uk domain names have been set up to support an industry best-practice email validation system, despite the imminent retirement of a previous public sector domain platform, according to Egress.
The security vendor found that just 28 percent of gov.uk domain names have enabled Domain-based Message Authentication, Reporting and Conformance (DMARC), which helps to prevent certain spam and phishing attacks.
The vendor ran its tests just a few weeks before the Government Secure Intranet (GSI) platform is to be switched off this month, forcing departments to migrate to public cloud systems.
This means the vast majority are not currently following the minimum standards suggested by the United Kingdom Government Digital Service (GDS) for email authentication.
Even worse, of the 28 percent that had enabled DMARC at the time of the study, over half (53 percent) set a policy of “do nothing”, which would effectively let through Business Email Compromise (BEC) attacks and allow email buffering, while spam and phishing messages would be allowed into recipients’ inboxes.
This means that in reality, only 14 percent of United Kingdom government domain names are using DMARC effectively to stop phishing attacks, Egress warned.
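The gap described above, between publishing a DMARC record and publishing one that actually enforces, can be checked mechanically. The following Python code is an added example, not part of the Egress study or the original article; the domains and TXT records are constructed samples, and the category names are this example's own.

```python
from collections import Counter

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT string, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    if name.strip().lower() != "v" or value.strip() != "DMARC1":
        return None                      # e.g. an SPF record at the same name
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Classify a domain from the TXT strings found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:                # RFC 7489: none or several -> DMARC not applied
        return "missing"
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    pct = records[0].get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy == "none" or pct == 0:     # the "do nothing" case: reports only
        return "monitor-only"
    return "enforcing" if pct == 100 else "partial"

def summarize(domains):
    """Count domains per category."""
    return Counter(classify(records) for records in domains.values())

# Constructed sample data (TXT answers per domain), for illustration only.
SAMPLE = {
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=spf1 -all"],
    "d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "e.example": [],
    "f.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(f"{domain:12} {classify(records)}")
    print(dict(summarize(SAMPLE)))
```

Only the "enforcing" category corresponds to what the article calls using DMARC effectively; "monitor-only" domains have a record but ask receivers to take no action on failing mail.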
“It is quite startling to see that so many public sector organizations have not yet enabled DMARC effectively and therefore cannot provide full assurance over their email network system's ability to withstand phishing cyber attacks,” commented Egress CTO Neil Larkins. “With [not long] before the Global Standards Initiative (GSI) framework is retired, it is critical that organizations heed the advice laid out by Global distribution system (GDS).”
The United Kingdom government took a bold step back in September 2016 when the Cabinet Office mandated that the strongest DMARC policy (“p=reject”) be set as the default for all email services from October 1.
However, progress has been slow in other areas. It was revealed in 2017 that 98 percent of the United Kingdom's National Health Service (NHS) organizations were unprotected by DMARC, and that many English councils were also failing to progress.
DMARC has played a crucial role in the NCSC’s successful Active Cyber Defence program in the United Kingdom over the past couple of years.