Scroll Top
NEWS
NEWS
NEWS

CyberGreen supports the Paris Call for Trust and Security in Cyberspace

Support efforts to strengthen an advanced cyber hygiene for all actors

Cyber-attacks have been growing in both frequency and impact in recent years. These types of attacks can seem highly complex, however the truth is most successful cyber-attacks leverage security problems that are simple enough to understand and address. As noted in the 2019 verizon data Breach Incident Report, the leading cause of confirmed breaches continues to be the exploitation of weak, default or otherwise stolen passwords, and another 13% of total breaches are due to individuals falling victim to phishing attacks. These predominant attack methods, along with others, can be largely addressed via good cyber hygiene.

With this in mind, organizations of all types can significantly improve their security posture by taking steps to educate their user base on best practices for digital engagement and cyber hygiene. Evidence suggests that a regime of foundational measures, reflecting prioritized, essential tasks to defend against avoidable dangers in cyberspace, does in fact work to reduce overall risk. This is why it was important to have cyber hygiene specifically recognized in a principle of the Paris Call for Trust and Security in Cyberspace. However, we need more than a principle. To be effective, cyber hygiene measures need to be operationalized and made available and accessible at scale, especially to vulnerable communities with limited financial and technical resources available.

Cyber hygiene standards already exist in various forms and so our new working group of experts has strived to highlight a few of the ones we find most impactful below. These include technical standards, such as Domain-based Message Authentication, Reporting and Conformance (DMARC), as well as good practices like ensuring that your software is patched in a timely fashion. In addition, numerous recommendations on cyber hygiene have been highlighted by several of the supporters of the Paris Call. These include the UK government’s 10 steps towards cybersecurity, the Center for Internet Security’s 20 CIS Controls and Resources, and ANSSI’s 40 essential measures for a healthy network.

. All of these efforts have been gaining wider international recognition as governments and enterprises increasingly understand the importance of taking steps which demonstrably help prevent and rapidly mitigate the dangers of known threats.

The following organizations are part of our group and committed to promoting the implementation of the Paris Call principle on cyber hygiene: “Support efforts to strengthen an advanced cyber hygiene for all actors.” We hope that others will join us in this effort in the coming weeks and months, to contribute to a curated list of good practices to increase the safety and security of our shared online environment. This budding coalition will come together during the Internet Governance Forum on 28th November to discuss next steps. Should you wish to participate and lend your expertise to this initiative, please email [email protected].

 

Supporters

CyberGreen: https://www.cybergreen.net/

Cybersecurity Tech Accord: cybertechaccord.org

Global Cyber Alliance: https://www.globalcyberalliance.org/who-we-are/

Internet Society: https://www.internetsociety.org/issues/

Microsoft: microsoft.com

 

Good practices

Cybersecurity should be understood as continuous process that is always responding to a changing threat environment. In that same vein, the list of good practices that improve cyber hygiene must evolve over time as well. The list below reflects an initial set of recommendations our group has identified based on our experience of working in different capacities around the globe; however, we are looking forward to a robust discussion in this space in the coming months. These recommendations combine groundbreaking individual initiatives along with established practices that have served to make our online lives more secure.

Adopt a vulnerability disclosure policy

Endorse Mutually Agreed Norms For Routing Security (MANRS)A vulnerability disclosure policy describes how a company or other organization will process vulnerability reports submitted by ethical hackers. A vulnerability disclosure policy is the digital equivalent of “if you see something, say something.” It’s intended to give anyone willing to highlight something is wrong clear guidelines to report it and an understanding of how the vulnerability will get fixed.

https://cybertechaccord.org/the-importance-of-vulnerability-disclosure-policies/

Endorse Mutually Agreed Norms for Routing Security (MANRS)

MANRS comprises simple but concrete steps for network operators that will dramatically improve Internet security and reliability. The first two operational improvements eliminate common routing issues and attacks, while the second two procedural steps provide a bridge to universal adoption and decrease the likelihood of future incidents.

https://www.internetsociety.org/issues/manrs/

 

 

 

Ensure Your Patches Are Up To Date

Vulnerabilities in technology are always being discovered and in response, vendors regularly issue security updates to plug the gaps. Applying these updates – a process commonly known as “patching” – closes vulnerabilities before attackers can exploit them. Failing to implement a security update in a timely fashion can leave systems vulnerable to preventable attacks. Patching can also fix bugs, add new features, increase stability, and improve look and feel (or other aspects of the user experience).

https://www.microsoft.com/security/blog/2019/10/09/patching-social-responsibility/

 

Implement Domain-based Message Authentication, Reporting and Conformance (DMARC):

Phishing is a social engineering attack in which a fraudulent communication – often an email – appears to come from a legitimate organization or user in order to trick a recipient. The goal of this attack is to either steal personal identifiable information to orchestrate fraud or to infect systems with malware, such as ransomware or a keylogger. It affects everyone as the most common type of cyber-attack and relies on users not being unable to recognize whether or not a message came from a legitimate organization. Spammers often spoof the “From” address in an email, resulting in the recipients trusting source of the message. DMARC prevents unauthorized usage of the organization’s email domain. In other words, protecting against domain spoofing.

https://www.globalcyberalliance.org/dmarc/

Utilize CyberGreen to measure the health of your network

The first steps to improving cyber ecosystem health include accurately measuring Internet vulnerabilities, understanding the causes of conditions that pose risks to the Internet, and providing metrics in order to focus cleanup and mitigation efforts. Using quantitative data collection and statistical analyses, CyberGreen evaluates the cleanliness of the Internet ecosystems within countries and recommend specific policies and measures.

https://www.cybergreen.net/what-we-do/

Back

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy Preferences.
Required

PRIVACY POLICY

CyberGreen (“us”, “we”, or “our”) operates the CyberGreen website (the “Website Service”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Website Service.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Website Service. By using the Website Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible at https://www.cybergreen.net.

MANUAL INFORMATION COLLECTION AND USE

While using our Website Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information (“Personal Information”) may include, but is not limited to:

  • Name
  • Email address
  • Affiliation
  • Internet Protocol (“IP”) address/range (if requesting opt out from CyberGreen scans)

BROWSER INFORMATION (LOG DATA)

We collect information that your browser sends whenever you visit our Website Service (“Log Data”). This Log Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

COOKIES

Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use cookies to collect, store, and/or correlate information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website Service.

SERVICE PROVIDERS

We may employ third-party companies and individuals to facilitate our Website Service, to provide the Website Service on our behalf, to perform Website Service-related services or to assist us in analyzing how our Website Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

SECURITY

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

LINKS TO OTHER SITES

Our Website Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

CHILDREN’S PRIVACY

Our Website Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

COMPLIANCE WITH LAWS

We will disclose your Personal Information where required to do so by law or subpoena.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Privacy Policy, please contact us.

TERMS OF USE

The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).

TERMS OF USE

The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).

TERMS OF USE

The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).