Email threats

Emails are extremely vulnerable. No large corporation, small business, or politician can guarantee their emails are safe.

91% of intrusions are committed via email.

Given its inherent weaknesses, it’s not hard to see why cybercriminals are constantly using email for WannaCry, Petya, and Lazarus attacks to penetrate victims’ infrastructures.

Legal Compliance and

Gross Negligence


million or up to 4% of annual global turnover as a fine, whichever of both is highest.


The average number of active lawsuits against companies is striking (for $1 billion plus companies in the US).

The wrong choice of security solutions may lead to severe fines, imprisonment, and litigations.


GDPR Compliance

Companies may face severe penalties (up to €20 million) under new EU GDPR (General Data Protection Regulation) for not safeguarding personal data.

Organizations are required to comply with the 'Privacy by Design' principle (Article 25) and must notify regulators any time a data breach takes place. That could happen literally any time an employee sends a Regular Email using a common SMTP. New GDPR regulations elevate SMTP and Email problems to boardroom levels in countries that accept GDPR laws (The European Union, Australia, and others).




Email is inherently insecure by its very design because it is sent and received according to SMTP (Simple Mail Transfer Protocol).

This protocol sends Email content and attachments in Plain unencrypted text over the Public Internet, and this protocol is still used to send sensitive data.

This is one of the biggest challenges to privacy, data security, and GDPR, HIPAA, GLBA, and SOX compliance.



Any confidential Email and its attachments are transferred as Plain unencrypted text via untrusted 3rd party mail relays (Public Internet).

Even if a connection was protected by HTTPS using SSL/TLS, all transferred data could be decrypted and stored/changed at ISP (Internet Service Provider), or mobile network operators in airports and coffee shops.

Additional encryption doesn’t completely remove the risks, either, as the message could still be collected for cryptanalysis.


“SMTP servers and clients normally communicate in the clear over the Internet. In many cases, this communication goes through one or more routers that are not controlled or trusted by either entity.”, P. Hoffman, Internet Mail Consortium, RFC 3207.



Human error is always the weakest link in an otherwise secure perimeter of any company. With the increased complexity of IT infrastructures and software, the cost of human error could be enough to take the entire company down.

SMTP and SSL vulnerabilities combined with human errors create nearly unlimited risks for data breaches. It is not surprising that 91% of attacks begins with Email.


Losing Control


Some companies that want to use or migrate to cloud infrastructures have understandable fears about exposing sensitive data and losing control over access management.

Many are concerned about "Big Brother" in the countries where data is stored.


Threats of Existing Solutions

Although many solutions claim to solve certain Email threats, there are numerous security and compliance holes that should be understood before using such solutions.


/ 07

Lack of Encryption

A Company's data might be stored in an unencrypted state.

Fines, Penalties and Leagal Actions

Against Executive Officers

According to many existing regulations, a company’s executive officers could be personally fined and imprisoned for noncompliance.

GDPR - Up to €20 million, or 4% of the worldwide annual revenue whichever is higher.

SOX - Up to $5 million in fines, and individuals responsible can face up to 20 years in prison for noncompliance.

HIPAA - Up to $250,000 per incident, and individuals responsible can face up to 10 years in prison for noncompliance.

GLBA - Executive officers can be fined up to $10,000 for each violation and face up to 5 years in prison for noncompliance.

Ignoring Email threats

Has consequences

Cyberattacks, data breaches, and leaks have ended the careers of many top executives. Again and again, headlines announce that yet another top executive has lost their position because of an underestimation about the severity of existing Email threats.


Major Email Threats

Email protocol weaknesses

Email protocol (SMTP) sends emails in Plain unencrypted text (RFC 3207) which makes it easy for criminals to read, collect, and alter them.

No real encryption

Most email security solutions offer basic HTTPS, SSL/TLS channel security to an email server, the rest of the route is completed via untrusted 3rd party mail relays and is not protected.

Public Internet

Emails are sent via 3rd party mail relays (over the Public Internet), which are often untrusted and unsecure.

Human error

Employee and management errors, whether malicious or not, create nearly unlimited risks for data breaches.

Legal compliance

GDPR, HIPAA, GLBA, SOX and other regulations require protection of personal information and impose significant penalties both for companies and executive officers who fail to comply.

No Key Ownership

Certain solutions own encryption keys of their clients, which means they can access a client's encrypted information or could accidentally give away access to malicious third-parties.







We use cookies to improve your experience