Uncovering

Email threats

Emails are extremely vulnerable. No large corporation, small business, or politician can guarantee their emails are safe.

91% of intrusions are committed via email.

Given its inherent weaknesses, it’s not hard to see why cybercriminals are constantly using email for WannaCry, Petya, and Lazarus attacks to penetrate victims’ infrastructures.

Legal Compliance and

Gross Negligence

€20

million or up to 4% of annual global turnover as a fine, whichever of both is highest.

147

The average number of active lawsuits against companies is striking (for $1 billion plus companies in the US).

The wrong choice of security solutions may lead to severe fines, imprisonment, and litigations.

IMPORTANT

GDPR Compliance

Companies may face severe penalties (up to €20 million) under new EU GDPR (General Data Protection Regulation) for not safeguarding personal data.

Organizations are required to comply with the 'Privacy by Design' principle (Article 25) and must notify regulators any time a data breach takes place. That could happen literally any time an employee sends a Regular Email using a common SMTP. New GDPR regulations elevate SMTP and Email problems to boardroom levels in countries that accept GDPR laws (The European Union, Australia, and others).

SMTP

Vulnerabilities

MailIcon

Email is inherently unsecure by its very design because it is sent and received according to SMTP (Simple Mail Transfer Protocol).

This protocol sends Email content and attachments in Plain unencrypted text over the Public Internet, and this protocol is still used to send sensitive data.

This is one of the biggest challenges to privacy, data security, and GDPR, HIPAA, GLBA, and SOX compliance.

Network

MailIcon

Any confidential Email and its attachments are transferred as Plain unencrypted text via untrusted 3rd party mail relays (Public Internet).

Even if a connection was protected by HTTPS using SSL/TLS, all transferred data could be decrypted and stored/changed at ISP (Internet Service Provider), or mobile network operators in airports and coffee shops.

Additional encryption doesn’t completely remove the risks, either, as the message could still be collected for cryptanalysis.

Quote

“SMTP servers and clients normally communicate in the clear over the Internet. In many cases, this communication goes through one or more router that is not controlled or trusted by either entity.”, P. Hoffman, Internet Mail Consortium, RFC 3207.

Human

MailIcon

Human error is always the weakest link in an otherwise secure perimeter of any company. With the increased complexity of IT infrastructures and software, the cost of human error could be enough to take the entire company down.

SMTP and SSL vulnerabilities combined with human errors create nearly unlimited risks for data breaches. It is not surprising that 91% of attacks begins with Email.

Clouds

Loosing Control

MailIcon

Some companies that want to use or migrate to cloud infrastructures have understandable fears about exposing sensitive data and losing control over access management.

Many are concerned about "Big Brother” in the countries where data is stored.

Threat

Threats of Existing Solutions

Although many solutions claim to solve certain Email threats, there are numerous security and compliance holes that should be understood before using such solutions.

01

/ 07

Lack of Encryption

A Company's data might be stored in an unencrypted state.

Fines, Penalties and Leagal Actions

Against Executive Officers

According to many existing regulations, a company’s executive officers could be personally fined and imprisoned for noncompliance.

GDPR - Up to €20 million, or 4% of the worldwide annual revenue whichever is higher.

SOX - Up to $5 million in fines, and individuals responsible can face up to 20 years in prison for noncompliance.

HIPAA - Up to $250,000 per incident, and individuals responsible can face up to 10 years in prison for noncompliance.

GLBA - Executive officers can be fined up to $10,000 for each violation and face up to 5 years in prison for noncompliance.

Ignoring Email threats

Has consequences

Cyberattacks, data breaches, and leaks have ended the careers of many top executives. Again and again, headlines announce that yet another top executive has lost their position because of an underestimation about the severity of existing Email threats.

Info

We use cookies to improve your experience