Microsoft Exchange attacks highlight the wider issue: email is outdated

Email is a security headache. It has long been the primary attack vector, and is responsible for the delivery of 94% of malware according to research from Verizon. The recent cyber attack on Microsoft Exchange left over 250,000 organisations vulnerable to data breaches. Cyber criminals targeted four vulnerabilities which allowed them to access servers for the email service.

The Microsoft Exchange attack highlights the critical – and often overlooked – issue that the vast majority of email is not end-to-end encrypted (E2EE).

Although there are encryption standards for email, notably PGP, it is unusual to see encrypted email in use between organisations. That leaves corporate email a sitting duck if a company’s server gets breached, and the data that email contains is super-sensitive, in-the-moment communication, often including confidential information.

Email is no longer fit for purpose

The Exchange attack has exposed email’s general lack of encryption, and so begs the question: Why are organisations continuing to rely on a technology that is so insecure?

The sole reason email is still relied on so heavily is its universal nature. Thanks to SMTP being an open protocol, users are able to send messages to anyone, regardless of which email provider the different parties are using, from any app, and with nothing more than a simple (unique) email address. Email also provides organisations with a solid audit trail of discussion and decision making, which is vital to organisations operating large ecosystems and communicating with internal and external stakeholders.

The collaboration boom

Real-time collaboration was seen as the replacement for email. However, that never came to fruition because of the centralised ‘walled garden’ design of collaboration tools such as Slack. Walled gardens require people to be on the same platform to communicate with each other.

Imagine the frustration of a Gmail user not being able to email someone on their work email. Even if two different organisations happen to be using the same proprietary collaboration tool, setting up external chat channels is expensive and creates an admin overhead.

Traditional collaboration tools, such as Microsoft Teams and Slack, are also, most of the time, hosted by the provider in a cloud without being end-to-end encrypted, leaving conversations just as unprotected as those held over email, and without even the option to host them on-premise, which email at least allows. The provider (be it Slack or Microsoft) has direct access to the entirety of the conversations held on its platform.

End-to-end encryption is available on some messaging apps, such as Signal and WhatsApp, making them more secure than email. However, once again, they are walled gardens. Siloed messaging apps leave users having to constantly switch between apps, resulting in fragmented conversations with no audit trail. They are, after all, free consumer-grade apps rather than something built for the enterprise. While they are used in the workplace, it’s only ever on an unmanaged shadow IT basis.

What is needed is an open standard for real-time communications that brings universal communication in the way SMTP does for email.

Communicate with confidence

Traditional proprietary collaboration tools and messaging apps have failed to provide a meaningful solution for enterprise communication. That is why organisations are still using their only universal communications option: email.

CTOs and CIOs want to move away from the insecurity of email, and towards the flexibility of real-time communication. However, they need real-time communication that can be easily used across the entire organisation’s ecosystem, without compromising security. This has become even more important as companies consider their workplace models after the pandemic, with real demand for flexible working. With digital workplaces here to stay, data security must be prioritised.

In the new era of communication, a genuinely useful collaboration tool and messaging app needs to offer three things:

  1. An open, global network, so those entire ecosystems can communicate through it, no matter which service is being used.
  2. A decentralised network which gives organisations the option to own, host and control their own data; preserving data sovereignty.
  3. E2EE to ensure that only those participating in the conversations can view the content. This should be combined with cross-signed verification so users can vouch for their devices, eliminating the potential of imposters and eavesdropping.

Written by Amandine Le Pape, co-founder and chief operating officer of Element