Uncovering Email Threats

Emails are extremely vulnerable. No large corporation, small business, or politician can guarantee their emails are safe.

91% of intrusions are committed via email.

Given its inherent weaknesses, it's not hard to see why cybercriminals constantly use email as the entry point for attacks such as WannaCry, Petya, and Lazarus to penetrate victims' infrastructures.

Legal Compliance and Gross Negligence

€20 million, or up to 4% of annual global turnover, as a fine, whichever is higher.

147: the striking average number of active lawsuits against companies (for $1 billion plus companies in the US).

The wrong choice of security solutions may lead to severe fines, imprisonment, and litigations.

IMPORTANT

GDPR Compliance

Companies may face severe penalties (up to €20 million) under new EU GDPR (General Data Protection Regulation) for not safeguarding personal data.

Organizations are required to comply with the 'Privacy by Design' principle (Article 25) and must notify regulators any time a data breach takes place. That could happen literally any time an employee sends a regular email over plain SMTP. The new GDPR regulations elevate SMTP and email problems to boardroom level in countries that adopt GDPR-style laws (the European Union, Australia, and others).

SMTP Vulnerabilities

Email is inherently insecure by its very design because it is sent and received according to SMTP (Simple Mail Transfer Protocol).

This protocol sends email content and attachments as plain, unencrypted text over the public Internet, and it is still used to send sensitive data.

This is one of the biggest challenges to privacy, data security, and GDPR, HIPAA, GLBA, and SOX compliance.

Network


Any confidential email and its attachments are transferred as plain, unencrypted text via untrusted third-party mail relays (the public Internet).

Even if a connection is protected by HTTPS using SSL/TLS, all transferred data could be decrypted and stored or changed at the ISP (Internet Service Provider), or by mobile network operators, in airports, and in coffee shops.

Additional encryption doesn’t completely remove the risks, either, as the message could still be collected for cryptanalysis.

"SMTP servers and clients normally communicate in the clear over the Internet. In many cases, this communication goes through one or more routers that are not controlled or trusted by either entity." (P. Hoffman, Internet Mail Consortium, RFC 3207)
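The hop-by-hop nature of SMTP transport security described above can be checked on a received message: each relay prepends a Received header, and the "with" keyword (ESMTPS, ESMTPSA per RFC 3848) records whether that one hop used TLS. The following is an added example, not code from the page or any product; the message is constructed, and the parsing is a simple regex over the standard Received clauses.

```python
import re
import email

# Constructed sample message (not from the page): three relay hops recorded in
# Received headers, newest first. The middle hop ("with ESMTP") used no TLS.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by inbound.example.com with ESMTPS id abc123
    for <alice@example.com>; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.thirdparty.example (relay.thirdparty.example [198.51.100.7])
    by mx.example.net with ESMTP id def456;
    Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.example.org (laptop.example.org [203.0.113.5])
    by relay.thirdparty.example with ESMTPSA id ghi789;
    Mon, 1 Jan 2024 10:00:01 +0000
From: bob@example.org
To: alice@example.com
Subject: quarterly figures

(body omitted)
"""

# RFC 3848 / RFC 6531 "with" keywords that mean the hop was received over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)"
)


def analyze_hops(raw_message):
    """Return the relay hops in delivery order, each flagged with whether the
    receiving server recorded a TLS session for that hop. Note that a relay
    writes its own Received line, so a hostile relay can lie here."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Received headers are prepended by each relay, so the top one is the last hop.
    for value in reversed(msg.get_all("Received") or []):
        flat = re.sub(r"\s+", " ", value)  # unfold the header
        m = HOP_RE.search(flat)
        if not m:
            continue  # malformed or non-standard Received line: skip it
        proto = m.group("proto").upper()
        hops.append({"from": m.group("frm"), "by": m.group("by"),
                     "proto": proto, "tls": proto in TLS_PROTOCOLS})
    return hops


def unprotected_hops(hops):
    """Hops whose receiving server recorded a cleartext session: the message
    body and attachments crossed that link unencrypted."""
    return [h for h in hops if not h["tls"]]


if __name__ == "__main__":
    for h in analyze_hops(SAMPLE_MESSAGE):
        state = "TLS" if h["tls"] else "cleartext"
        print(f'{h["from"]} -> {h["by"]}: {h["proto"]} ({state})')
```

Run against the sample, the tool reports the second hop (relay.thirdparty.example to mx.example.net) as cleartext even though both ends of the route used TLS, which is exactly the gap channel encryption leaves open.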

Human


Human error is always the weakest link in an otherwise secure perimeter of any company. With the increased complexity of IT infrastructures and software, the cost of human error could be enough to take the entire company down.

SMTP and SSL vulnerabilities combined with human errors create nearly unlimited risks for data breaches. It is not surprising that 91% of attacks begin with email.

Clouds: Losing Control

Some companies that want to use or migrate to cloud infrastructures have understandable fears about exposing sensitive data and losing control over access management.

Many are concerned about "Big Brother" in the countries where data is stored.

Threats of Existing Solutions

Although many solutions claim to solve certain Email threats, there are numerous security and compliance holes that should be understood before using such solutions.


Lack of Encryption

A company's data might be stored in an unencrypted state.

Fines, Penalties and Legal Actions Against Executive Officers

According to many existing regulations, a company’s executive officers could be personally fined and imprisoned for noncompliance.

GDPR - Up to €20 million, or 4% of worldwide annual revenue, whichever is higher.

SOX - Up to $5 million in fines, and individuals responsible can face up to 20 years in prison for noncompliance.

HIPAA - Up to $250,000 per incident, and individuals responsible can face up to 10 years in prison for noncompliance.

GLBA - Executive officers can be fined up to $10,000 for each violation and face up to 5 years in prison for noncompliance.

Ignoring Email Threats Has Consequences

Cyberattacks, data breaches, and leaks have ended the careers of many top executives. Again and again, headlines announce that yet another top executive has lost their position because they underestimated the severity of existing email threats.

Major Email Threats

Email protocol weaknesses

The email protocol (SMTP) sends emails as plain, unencrypted text (RFC 3207), which makes it easy for criminals to read, collect, and alter them.

No real encryption

Most email security solutions offer only basic HTTPS or SSL/TLS channel security to an email server; the rest of the route is completed via untrusted third-party mail relays and is not protected.

Public Internet

Emails are sent via third-party mail relays (over the public Internet), which are often untrusted and insecure.

Human error

Employee and management errors, whether malicious or not, create nearly unlimited risks for data breaches.

Legal compliance

GDPR, HIPAA, GLBA, SOX and other regulations require protection of personal information and impose significant penalties both for companies and executive officers who fail to comply.

No Key Ownership

Certain solutions own their clients' encryption keys, which means they can access a client's encrypted information or could accidentally give access to malicious third parties.

Cyberattacks (live feed table with columns Time, Source, Target, Attack; no entries captured)
