Emails are extremely vulnerable. No large corporation, small business, or politician can guarantee their emails are safe. Here is why:
91% of intrusions are committed via email.
Given its inherent weaknesses, it’s not hard to see why cybercriminals are constantly using email attacks like WannaCry, Petya, and Lazarus to penetrate their victims’ infrastructures.
Do not become one of their victims.
of U.S. corporations are currently engaged in litigation.
The average number of active lawsuits for companies that are larger than $1 billion is an astonishing.
The wrong choices of security solutions may lead to fines and litigation if they violate government legal regulations about encryption key size, encryption algorithms, or the location of customers' data, not to mention the damage a cybercriminal can do.
Companies may face severe penalties (up to €20 million) under the new EU GDPR (General Data Protection Regulation) for not safeguarding personal data.
Organizations are required to comply with the "Privacy by Design" principle (Article 25) and must notify regulators any time a data breach takes place. That could happen literally anytime an employee sends an email using common SMTP, or even due to the loss of a company laptop.
New GDPR regulations elevate SMTP and email problems to boardroom levels in countries that accept GDPR laws (the European Union, Australia, and others), so these laws must be taken seriously.
Email is inherently insecure by its very design because messages are sent and received according to SMTP (Simple Mail Transfer Protocol).
This protocol sends email content and attachments in plain text over the public Internet, yet it is still used to send sensitive data.
This is one of the biggest challenges to privacy, data security, and GDPR compliance.
Any confidential email and its attachments are transferred as plain text over the public Internet.
Even if a connection is protected by HTTPS using SSL/TLS, all transferred data could be decrypted and stored or changed at an ISP (Internet Service Provider), by mobile and network operators, or in hotels, airports, coffee shops, etc.
Additional encryption can’t do much, either, as the message could still be collected for further cryptanalysis.
“SMTP servers and clients normally communicate in the clear over the Internet. In many cases, this communication goes through one or more router that is not controlled or trusted by either entity.”, P. Hoffman, Internet Mail Consortium, RFC 3207.
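One way to see which relays handled a given message without TLS is to read the "with" protocol keyword that each receiving server records in its Received header. The following is an added example, not code from the original page; the sample message, host names and queue ids are constructed, and the TLS keyword set follows the RFC 3848 and RFC 6531 registrations.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
COMMENT_RE = re.compile(r"\([^()]*\)")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

# Constructed sample message; hosts and ids are made up for illustration.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby inbound.recipient.example (Postfix) with ESMTPS id 4F1A2B
\tfor <bob@recipient.example>; Tue, 02 Jan 2024 10:00:03 +0000
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.relay.example with ESMTP id 9C3D4E; Tue, 02 Jan 2024 10:00:01 +0000
Received: from laptop.sender.example (laptop [192.0.2.55])
\tby mail.sender.example with ESMTPSA id 77AA01; Tue, 02 Jan 2024 10:00:00 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    previous = None
    while previous != text:
        previous, text = text, COMMENT_RE.sub(" ", text)
    return text

def audit_hops(raw_message):
    """Return one record per Received header, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = strip_comments(" ".join(value.split()))  # unfold lines, drop comments
        proto, by = WITH_RE.search(flat), BY_RE.search(flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({"by": by.group(1) if by else "unknown",
                     "protocol": name, "tls": name in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message over a hop not recorded as TLS."""
    return [h["by"] for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Received headers are written by each receiving server, so entries added before the first server you trust can be forged and should be read as a hint rather than proof.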
Human error is always the weakest link in the otherwise secure perimeter of any company. With the increased complexity of IT infrastructures and software, the cost of human error could be enough to take an entire company down.
Together with SMTP and SSL, massive vulnerabilities and human error create a nearly unlimited risk of data breaches. It is not surprising that 91% of attacks begin with email.
Some companies that want to use or migrate to cloud infrastructures have very understandable fears of exposing sensitive data and losing control over its access.
Many are concerned about "Big Brother" legal environments in the countries where data is stored, completeness of internal data access and security, etc.
Although many solutions claim to solve the majority of existing email threats, there are always weak points that should be considered before using such security solutions and services. Otherwise, cybercriminals will have an easy opening to attack.
A company's data might be stored in an unencrypted state.
Cyberattacks, data breaches, and leaks have ended the careers of many top executives. Again and again, headlines announce that yet another top executive has lost their position because of underestimating the severity of existing email threats.