Government Lagging Industry in Protecting Consumers
Only 26 percent of websites adequately protect their visitors from malicious activity.
When it comes to protecting consumers from malicious and rogue websites, 74 percent of organizations fail to make the grade, with government lagging behind social media, e-commerce and financial services. These are among the key findings of the Online Trust Alliance's (OTA) annual Online Safety Honor Roll for 2011, released today.
While the number honored in 2011 represents a three-fold increase over this time last year, 74 percent of the top websites and organizations surveyed remain vulnerable to rising levels of cybercrime and online fraud. The findings underscore the continuing rise in data breaches and the critical need for better implementation of security best practices across the board.
OTA Honor Roll criteria include implementation of email authentication, Extended Validation SSL certificates (EV SSL), and testing for malware and known site vulnerabilities. In addition, federal government sites were evaluated for their support of DNSSEC.
The OTA's third annual survey examined 1,112 domains, their published DNS records, and over 500 million email messages purporting to come from them. The survey, which includes evaluation of best practices to help protect consumers from forged email, phishing sites, and malware, found that of the organizations analyzed, only 26 percent, or just 289, qualified to be named to the 2011 OTA Online Safety Honor Roll.
That is nonetheless a large improvement over 2010, when only eight percent qualified.
The FDIC 100 led all surveyed sectors with nearly 27 percent making the Honor Roll, followed by 24 percent of the Fortune 500 and 22 percent of the Internet Retail 500. Unfortunately, only 12 percent of the measured federal government sites made the grade.
OTA's criteria are acknowledged as industry best practices and support President Obama's National Strategy for Trusted Identities in Cyberspace (NSTIC). Combined, they serve as the foundation for several related cyber-security, interactive marketing, and identity protection initiatives.
A key principle in the report, email authentication, is recognized as a best practice by the FTC, FCC, Department of Homeland Security, U.S. Postal Inspection Service, U.S. Senate, and leading industry trade organizations including the Email Sender & Provider Coalition (ESPC), Direct Marketing Association, Anti-Phishing Working Group (APWG), BITS (a division of the Financial Services Roundtable), and the Messaging Anti-Abuse Working Group (MAAWG).
"Domain level email authentication is a potent weapon in the fight against spam and phishing attacks. But, for it to work, legitimate emailers must authenticate the messages they send and receiving domains must refuse delivery of unauthenticated messages," said David Vladeck, director of the FTC's Bureau of Consumer Protection, in a statement.
Across all surveyed sectors, more than 56 percent have adopted either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), two published standards that let a receiving mail system check whether a message really comes from the domain it claims: SPF by having the domain list its authorized sending hosts in DNS, DKIM by having the sending system cryptographically sign each message with a key published in DNS.
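To make concrete what "authenticate on the sending side, refuse on the receiving side" means in practice, here is a minimal SPF evaluator written for this page. It is an added example, not code from the OTA report or the article; all domains and DNS records are constructed (RFC 2606 example names and documentation address ranges), and the receiver policy function is a hypothetical illustration of the FTC guidance quoted above, not any particular mail server's behavior. It also shows the weak setting that defeats the whole scheme: a record ending in "+all" returns pass for every sender.

```python
"""Minimal SPF (RFC 7208) check against a constructed, in-memory DNS table.

Added example for this page; not the OTA's or the article's code. The DNS
table below is constructed sample data, not the result of live lookups.
"""
import ipaddress

# Constructed DNS data standing in for live lookups.
DNS = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 a mx "
                "include:_spf.example.net -all"],
        "A": ["198.51.100.10"],
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["198.51.100.25"]},
    "_spf.example.net": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    "redirect.example": {"TXT": ["v=spf1 redirect=example.com"]},
    "weak.example": {"TXT": ["v=spf1 ip4:192.0.2.1 +all"]},   # weak: everyone passes
    "softfail.example": {"TXT": ["v=spf1 ip4:192.0.2.1 ~all"]},
    "nospf.example": {"TXT": ["some unrelated txt record"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get(name, {}).get(rtype, [])


def spf_record(domain):
    """Exactly one v=spf1 TXT record is required; otherwise treat as no policy."""
    recs = [r for r in lookup(domain, "TXT")
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    return recs[0] if len(recs) == 1 else None


def check_host(ip, domain, depth=0):
    """Return the SPF result for sending address `ip` claiming `domain`."""
    if depth > 10:                      # cap include/redirect nesting
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        if "=" in term:                 # modifier (redirect=, exp=), not a mechanism
            mod, _, arg = term.partition("=")
            if mod.lower() == "redirect":
                redirect = arg
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:                        # version mismatch simply does not match
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name in ("a", "mx"):
            target = arg or domain
            hosts = (lookup(target, "A") if name == "a"
                     else [a for mx in lookup(target, "MX") for a in lookup(mx, "A")])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":         # include matches only on an inner "pass"
            matched = check_host(str(ip), arg, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qual]
    if redirect:                        # redirect= is consulted after all mechanisms
        return check_host(str(ip), redirect, depth + 1)
    return "neutral"                    # nothing matched and no redirect


def receiver_decision(ip, mail_from_domain):
    """Hypothetical receiving-MTA policy in the spirit of the FTC guidance above."""
    result = check_host(ip, mail_from_domain)
    if result == "pass":
        return "accept"
    if result == "fail":
        return "reject"                 # the domain said this host may not send for it
    if result in ("softfail", "neutral"):
        return "accept-and-mark"
    return "accept-no-policy"           # none/permerror: no usable policy published


if __name__ == "__main__":
    for sender, dom in [("192.0.2.77", "example.com"), ("10.0.0.1", "example.com"),
                        ("10.0.0.1", "weak.example"), ("10.0.0.1", "nospf.example")]:
        print(f"{sender:>12} claiming {dom:<18} -> {check_host(sender, dom):<8} "
              f"({receiver_decision(sender, dom)})")
```

The contrast between "example.com" and "weak.example" is the practitioner's takeaway: publishing a record is not the same as publishing a useful one. A record ending in "+all" (or an over-broad include) authorizes the entire Internet, so a receiver following the policy above will accept a forged message from 10.0.0.1 for "weak.example" while rejecting the same forgery for "example.com". Domains with no record at all ("nospf.example") fall into the "accept-no-policy" bucket, which is the state of the 44 percent the survey found without SPF or DKIM.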
Adoption of email authentication has been led by 92 percent of the top social media sites, followed by 84 percent of the Internet Retail 100 and nearly 59 percent of the largest FDIC banks, sectors that recognize its business value. By comparison, only 38 percent of leading government sites have adopted email authentication, a 19 percent increase over 2010.
"We applaud OTA's efforts to drive adoption of standards-based security best practices and we are honored to be recognized for our leadership in customer protection," said Michael Barrett, CISO and VP of Information Risk Management at PayPal, in a statement. "We encourage other industry stakeholders to join us in deploying these solutions for the sake of our mutual customers' safety, and the vitality of our ecosystem. The time is now."
For their demonstrated commitment to best practices, industry collaboration and consumer education, OTA has recognized several North Stars including the Internal Revenue Service, the Social Security Administration, Apple Computer, Citibank, Bank of America, PayPal, Publishers Clearing House, Microsoft, and the White House (whitehouse.gov).
"While the level of adoption is failing to adequately protect consumers, the commitment and growth within the public and private sectors is encouraging," said Craig Spiezle, executive director of the Online Trust Alliance, in a statement. "Government and business leaders need to commit to these guidelines to help prevent a consumer trust meltdown and protect the vitality of the U.S. economy."