news
Only 1.2 % of . org domains have adequate phishing protection
nly 1.2 % of . org domains globally have implemented
O measures to prevent email phishing , spoofing and ransomware attacks . This figure rises to only 20 % among the top 100 US non-profits . org domains by traffic .
New research from email security provider , EasyDMARC , reviewed a dataset of 9,935,024 verified . org email domains . EasyDMARC found that only 376,497 ( 3.8 %) domains had implemented the Domain-based Message Authentication , Reporting and Conformance ( DMARC ) security standard .
The DMARC standard enables the automatic flagging and removal of receiving emails which are impersonating senders ’ domains , which is a crucial way to prevent outbound phishing and spoofing attempts . Despite the standard being over a decade old , this research indicates a widespread underadoption of the standard among non-profits .
The research also signals a failure by the global non-profit sector to adequately configure DMARC when implemented . Among the small minority of the global . org domains tested that employ DMARC , 171,486 ( 45.6 %) had incorrectly configured it . As a result , these organisations lacked visibility into any impersonating emails they received or blocked .
Globally among non-profit domains using DMARC , only 121,290 ( 32.2 %) had implemented a ‘ reject ’ policy that automatically rejected emails impersonating a legitimate domain . Most domains employing DMARC had configured it to do nothing about impersonating emails , with 218,777 ( 58.1 %) domains having no policy . A total of 55,281 ( 14.7 %) had configured DMARC to send impersonating emails into quarantine .
Sophos demonstrates how to make ChatGPT a cybersecurity co-pilot
ophos , a global leader in innovating and delivering
S
Cybersecurity-as-a-Service ( CSaaS ), has released new research on how the cybersecurity industry can leverage GPT-3 , the language model behind the ChatGPT framework , as a co-pilot to help defeat attackers .
The latest report , GPT for You and Me : Applying AI Language Processing to Cyber Defenses , details projects developed by Sophos X-Ops using GPT-3 ’ s large language models to simplify the search for malicious activity in datasets from security software , more accurately filter spam and speed up analysis of ‘ living off the land ’ binary ( LOLBin ) attacks .
“ Since OpenAI unveiled ChatGPT back in November , the security community has largely focused on the potential risks this new technology could bring ,” said Sean Gallagher , Principal Threat Researcher , Sophos . “ Can the AI help wannabee attackers write malware or help cybercriminals write much more convincing phishing emails ? Perhaps , but at Sophos , we ’ ve long seen AI as an ally rather than an enemy for defenders , making it a cornerstone technology for Sophos , and GPT-3 is no different . The security community should be paying attention not just to the potential risks , but the potential opportunities GPT-3 brings .”
12 www . intelligentciso . com