Blog
Reflecting on 2023: A Year of Growth, Resilience, and Influence for GCA
The Global Cyber Alliance builds communities to deploy tools, services, and programs that provide cybersecurity at scale. As we reflect on 2023, we are proud to share a remarkable journey of growth, resilience, and influence. We’ve built new tools, published important research, and launched multiple initiatives to propel us forward, while improving cybersecurity globally. We extend our sincere gratitude to our Board of Directors, Strategic Advisors, Ambassadors, partners, and communities, whose support and action continues to be the key to everything we accomplish together. Here, we highlight some of our activities from 2023 and share what’s coming next in 2024.
Enhancing Cybersecurity Knowledge and Solutions Across the Globe
Our Capacity & Resilience Program works with end-user communities to deploy solutions that address their needs. Cybersecurity Toolkits provide free, vetted, and effective tools that individuals and organizations of any size can easily use to implement basic cybersecurity hygiene and protect themselves. An analysis by Tidal Cyber and GCA showed that the measures covered in the GCA Cybersecurity Toolkit for Small Business address up to 86% of the [ransomware] techniques that enable initial network access or that compromise the confidentiality, integrity, or availability of data. Furthermore, implementing the basic cyber hygiene steps offered in the GCA’s toolkit addresses 72% of the most common ransomware techniques facing small businesses. Also in 2023:
- Virgin Money began offering the GCA Cybersecurity Toolkit for Small Business to its customers in the United Kingdom to help them reduce their level of cyber risk.
- The Consortium of Cybersecurity Clinics started providing a direct portal to the GCA Cybersecurity Toolkit for Mission-based Organizations, giving students hands-on experience and local organizations cybersecurity assessments.
- KnowBe4 and GCA expanded their existing partnership to provide additional cybersecurity training across the globe to small organizations that might not otherwise be able to afford it.
- The GCA Cybersecurity Toolkit for Small Business was translated into a sixth language – Portuguese.
This year, we gave voice to Devi, an Indonesian mother and entrepreneur who used the GCA Cybersecurity Toolkit for Small Business to protect her business – and her community. Since 2021, a partnership between Mastercard Center for Inclusive Growth, Mercy Corps Indonesia, and Global Cyber Alliance has helped micro, small, and medium enterprises gain the skills and tools they need to increase their digital safety and better protect themselves from cyber attacks. Learn more in this video with Devi:
In April, we worked with the support of CrowdStrike and the International Foundation for Electoral Systems (IFES) to release the Global Elections Security Report in advance of a busy 2024 election year. The report offers ten recommendations focusing on policy, technology, collaboration, skills, and resources that are critical to ensuring election security. These recommendations resulted from discussions with 41 leaders in 16 countries, representing a broad range of sectors linked to global elections security.
In July, we announced a new collaboration with Premium Partner Amazon to better understand young adults’ (18-25) knowledge, awareness, and experience with cybersecurity and online scams, develop resources to help, and lead an open, global collaboration of like-minded organizations to contribute, promote, and share these resources with young adults at scale. Analyzing results from our global survey and focus groups held in September led to an Online Safety Page that provides concise and actionable information to “Protect, Identify, Report & Recover” from impersonation and other scams during peak shopping season in 2023. We are working toward the launch of a robust solution with interactive digital content to raise awareness, change attitudes, and ultimately behaviors to empower young adults against online scams and cybersecurity threats.
In October, Google.org, Google’s philanthropic arm, announced a $15M grant to The Asia Foundation to launch the APAC Cybersecurity Fund. Partnering with the CyberPeace Institute and Global Cyber Alliance, this initiative will strengthen cyber resilience for underserved organizations across 13 APAC locations. Starting in February, The Asia Foundation will work with its local partners to bolster cyber-capabilities for 300,000 underserved micro/small businesses, nonprofits, and social enterprises.
Keeping Eyes On Infrastructure
Our Internet Integrity Program addresses systemic cyber risk at the infrastructure level by focusing on three components of the Internet—domain names, IP address space, and routing mechanisms.
Domain Trust is an industry-recognized platform leading in facilitating cross-sector organizational discussions focused on preventing and mitigating domain abuse. The three components of Domain Trust (community, data, and outreach) grew significantly in 2023 as evidenced below:
- 13 new partners joined the Domain Trust community, enabling a total of 51 partners to reduce the threat and impact of domains registered or compromised for malicious purposes by mitigating and preventing such abuse.
- Nearly 10 million new, unique malicious domains were reported to the Domain Trust data platform, more than doubling the previous two years’ reporting.
- Because of its Domain Trust work, GCA was invited to participate in industry groups such as eco topDNS’ Advisory Group on Domain Abuse and FIRST’s Domain Abuse Special Interest Group.
AIDE – Automated IoT Defence Ecosystem – has a repository of billions of IoT-related security incidents collected through a network of 200+ geographically distributed sensors that operate as decoys to collect data. Now recording up to 800,000 new incidents every day, the repository has become large and valuable enough to support the creation of a community around it. Last year:
- Our collaboration with Microsoft continued with the publication of IoT Policy and Attack Report II, with key findings on known vulnerabilities in IoT devices’ software stacks, risk remediation practices, and how honeypot technologies are powerful allies in the research of this threat landscape.
- After introducing the AIDE Research Program in 2022 and welcoming four research organizations into its first cohort, in October 2023 the Max Planck Institute for Informatics completed and presented the first AIDE research project analyzing data from 400 million sessions over a 15-month period, uncovering stark differences between honeypots and key behaviors of the scouts and attackers that try to infiltrate them. The research was published at the ACM Internet Measurement Conference 2023.
- We completed our two-year project with the Cyber Security Agency of Singapore, resulting in the first at-scale, real-life implementation of GCA’s proprietary honeypot technology, which can combine physical or virtualized IoT devices to build honeyfarms in a flexible way.
MANRS – Mutually Agreed Norms for Routing Security – reduces the most common routing threats by outlining simple, concrete actions networking organizations can take. Unsecure routing is one of the most common paths for malicious threats to networks; MANRS forms a community of security-minded organizations committed to making the global routing infrastructure more robust and secure. In 2023,
- GCA announced in November it would become the secretariat and operational home of this 10-year-old initiative with over 1100 participating organizations from across the globe. We’ll continue auditing and approving new participants, facilitating community discussions and gatherings, publishing conformance reports, and providing valuable insight into the routing security activities that are increasingly driving conversations within governments and organizations.
Mobilizing Communities for Collective Action
In February, Nonprofit Cyber celebrated its first anniversary, and over the course of the year introduced more than ten new nonprofits that serve the public interest by developing, sharing, deploying, and increasing awareness of cybersecurity best practices, tools, standards, and services. In November, it held the first “More Than a Password” Day, a global movement to emphasize the importance of stronger online authentication and to release essential password guidance for businesses and individuals.
As part of our work with Cyber Civil Defense, a broad coalition formed by Craig Newmark Philanthropies and comprised of organizations dedicated to building a whole-of-society effort against cyber insecurity, we:
- Launched the Actionable Cybersecurity Tools (ACT) wiki in October, which provides an easy-to-navigate directory of more than 2500 cybersecurity tools and resources tailored for a growing number of user communities.
- Collaborated with Consumer Reports and Aspen Digital to conduct the second annual Consumer Cyber Readiness Report in October, revealing progress in consumer cybersecurity practices but a strong need for more education about best practices for digital safety.
In November at the Global Conference on Cyber Capacity Building (GC3B), we endorsed the Accra Call for Cyber Resilient Development, which aims to stimulate global action to elevate cyber resilience across international and national development agendas as well as promote cyber capacity building that supports broader development goals, effectively serving the needs and priorities of developing countries.
GCA is leading the creation of Common Good Cyber to ensure a safe and lasting digital future by supporting often under-funded nonprofits and the volunteers tirelessly safeguarding it. Other driving forces behind the initiative are the Cyber Threat Alliance, CyberPeace Institute, the Forum of Incident Response and Security Teams (FIRST), the Institute for Security and Technology (IST), and the Shadowserver Foundation.
Looking Forward Into 2024
We accomplished a lot in 2023, and we’re just getting started. This year will bring:
- Making our Cybersecurity Toolkits accessible to even more communities to implement the practices that protect us all, with special focus on elections and journalism.
- Partnering with Amazon on a global campaign to help young adults avoid online scams and learn how to report scams they encounter.
- Working with The Asia Foundation and local partners to bolster cyber-capabilities for 300,000 underserved micro/small businesses, nonprofits, and social enterprises.
- Developing resources to help end users reduce risks posed by generative artificial intelligence (genAI) and making cybersecurity tools easier to implement through automation.
- Growing the Domain Trust community to prevent and mitigate domain abuse.
- Expanding the AIDE project to identify and mitigate IoT attacks.
- Reducing routing security incidents by growing and leveraging the MANRS community.
- Mobilizing organizations of all sizes to work together through initiatives including Nonprofit Cyber, Civil Cyber Defense, and Common Good Cyber.
Through innovative programs, strategic partnerships, and community engagement, we made significant strides in enhancing cybersecurity knowledge and solutions worldwide. We’ve increased and enhanced the internal structures and resources that serve as a solid foundation for future work, and we remain steadfast in our mission, poised to continue driving positive change and build a trustworthy Internet that enables social and economic progress for all. Join us on this journey by contacting us, following us on LinkedIn, X, or Facebook, joining as a partner or sponsor, or donating.
