The Online Trust Alliance’s 2011 Online Safety Honor Roll, released today, recognized
26 percent of the top public and private Websites and government agencies for
their adoption of key technologies to help protect users’ privacy and identity
from abuse. While the number honored in 2011 represents a threefold increase
from this time last year, 74 percent of the top Websites analyzed did not
qualify and remain vulnerable to the increased levels of cybercrime and online
fraud.

OTA Honor Roll criteria include implementation of email authentication, Extended
Validation SSL Certificates (EV SSL), and testing for malware and known site
vulnerabilities. In addition, federal government sites were evaluated for their
support of Domain Name System Security Extensions (DNSSEC).

The OTA’s third annual survey examined 1,112 domains, their published DNS records
and more than 500 million email messages purporting to come from them. The
survey, which includes evaluation of best practices to help protect consumers
from forged email, phishing sites and malware, found that of the companies
analyzed, only 26 percent (289) qualified to be named to the 2011 OTA Online
Safety Honor Roll.

However, the organization noted that this compares favorably to 8 percent that qualified
in 2010. The FDIC 100 led all surveyed sectors with nearly 27 percent making
the Honor Roll, followed by 24 percent of the Fortune 500 and 22 percent of the
Internet Retail 500. Only 12 percent of the measured federal government sites
made the grade. OTA’s criteria support President Obama’s National Strategy for
Trusted Identities in Cyberspace (NSTIC). Combined, they serve as the
foundation for several related cyber-security, interactive marketing and
identity protection initiatives.

“Domain-level email authentication is a potent weapon in the fight against spam and phishing
attacks. But, for it to work, legitimate emailers must authenticate the
messages they send and receiving domains must refuse delivery of
unauthenticated messages,” said David Vladeck, director of the FTC’s Bureau of
Consumer Protection.

With the business value of email authentication recognized, adoption has been led by the top
social media sites (92 percent), followed by 84 percent of the Internet Retail
100 and nearly 59 percent of the largest FDIC banks. Comparatively, only 38
percent of leading government sites have adopted email authentication,
reflecting an 18.8 percent increase over 2010.

“We applaud OTA’s efforts to drive adoption of standards-based security best
practices, and we are honored to be recognized for our leadership in customer
protection,” said Michael Barrett, CISO and vice president of Information Risk
Management at PayPal. “We encourage other industry stakeholders to join us in
deploying these solutions for the sake of our mutual customers’ safety and the
vitality of our ecosystem. The time is now.”

The report also noted email authentication adoption has passed the tipping point,
with more than 56 percent adopting either SPF or DKIM on one or more of their
domains or subdomains. In addition, EV SSL is nearing 45 percent adoption
across top retail and banking sites, reflecting a year-to-year increase of over
78 percent. Across all segments, adoption increased 68 percent, the report
found.

“While the level of adoption is failing to adequately protect consumers, the
commitment and growth within the public and private sectors is encouraging,”
said Craig Spiezle, executive director of the Online Trust Alliance.
“Government and business leaders need to commit to these guidelines to help
prevent a consumer trust meltdown and protect the vitality of the U.S.
economy.”