With 281 billion emails sent every day, email remains the primary communications platform for business organizations ranging from Fortune 500 companies to growing SMBs – and second place is not even close. Due to this overwhelming reliance on email, it should come as no surprise that these digital correspondences have also become a top target for hackers.
In fact, 91 percent of all cyberattacks and 98 percent of social engineering campaigns begin with email phishing scams.
While most organizations are aware of today’s phishing threats, and some have deployed various email security and phishing mitigation software to protect their company’s mailboxes, there are actually a number of other vulnerabilities that organizations are overwhelmingly unaware of.
According to a recent report by the Electronic Frontier Foundation (EFF), emails protected by plug-ins that use the PGP (Pretty Good Privacy) or S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption standards can be easily decrypted, meaning that sensitive information sent via email is susceptible to interception.
The problem with this vulnerability, which has been dubbed “EFAIL,” is that attackers can exploit it to gain access to the plaintext version of encrypted emails sent via popular email clients such as Thunderbird, macOS Mail and Outlook, effectively making traditional safeguards obsolete.
To avoid this EFAIL vulnerability, as well as vulnerabilities inherent to popular business apps like G-Suite and Microsoft Office 365, and advanced phishing attacks, such as business email compromise, organizations are beginning to reduce their reliance on email altogether. Instead, many are choosing to use SMS texting, especially for time-sensitive communications.
What people don’t realize, however, is that SMS texts are still vulnerable to the SMS version of phishing scams, known as ‘smishing’ attacks, and that texts can easily be intercepted on open networks, making them no safer than email.
The EFF agrees that businesses should embrace an alternative to email for digital communications and has publicly recommended switching to secure messaging applications.
Enterprise-grade secure messaging is free of all the vulnerabilities that make email so insecure, and it’s not susceptible to vulnerabilities like EFAIL. It is a reliable way for the sender to maintain complete control of the conversation, preventing unintentional sharing, data theft and propagation of information.
But what about after the EFAIL vulnerability has been mitigated? Should organizations automatically revert to using email for digital communications? Considering that there’s constant and significant risk of email exploitation, it’s time for organizations to embrace secure messaging once and for all.
About Dr. Galina Datskovsky
Dr. Galina Datskovsky, CRM, FAI, and serial entrepreneur, is an internationally recognized privacy, compliance and security expert. Galina is currently the CEO of Vaporstream®, a position where she applies her knowledge and strategic guidance in building businesses, product development, governance policies, as well as cyber security.
Originally posted on ITSP Magazine on June 8, 2018, by Dr. Galina Datskovsky