sb-nz logo
Story image

How safe are your emails? An expert breakdown

12 May 2016

Since the concept of email was first floated in the 60s, it has exploded onto the scene, becoming an absolutely crucial part of everyday business and personal lives. It’s hard to imagine how we’d survive without it.

“It’s simple, convenient and ubiquitous but the simplicity hides the global and complex infrastructure behind it,” says Jay Haybatov, CEO of Dekko Secure. “People think that their messages travel from their device to the recipient’s but the reality is much more complex.”

According to Haybatov, the standards for email that are used today were created as early as 1982, but it wasn’t for public use and therefore no one really cared about security.

“Just for comparison, the first website appeared 18 years later, in 1990,” Haybatov says. “The email standards were created when nobody thought about the Internet as a place for billions of users and millions of businesses.”

Haybatov assures that while various security measures have been put in place over time, email still suffers from several unresolved problems, which include:

  • Most email is sent in plain text. Attachments can be accessed when the email messages are stored on the email servers, even after being delivered to their recipients.
  • It takes only a few seconds to send an email message that looks like it was written on behalf of your bank, Barack Obama, or Julius Caesar – no hacking skills required. What if you received an email from your children’s private school about a change in banking details? There is no way to verify the authenticity of such a message, except to check it with the school directly.
  • You never know whether your message achieved the intended recipient. What if it was a tender application for a big contract?

Why emails are a prime target for hackers

“There are a number of tools in the average hacker’s arsenal, including botnets, spam, DDoS attacks, identity theft and Cryptolocker,” says Haybatov. “Email offers a very cheap way for cybercriminals to reach mass audiences.”

Some of the most dangerous ways that email can be misused include:

  • Distributing viruses that encrypt users’ computers and request a ransom for a password to restore the files
  • Spreading Trojans that turn users’ computers into part of a large botnet used for attacking networks and websites of companies for ransom or for competitive advantage
  • Extracting personal information, for example, financial information from tax

How big is the problem?

Haybatov affirms the problem is diverse and widespread.

“For instance, around 75% of email traffic is believed to be spam and some botnets contain millions of infected computers,” Haybatov says. “The use of compromised accounts to send fake emails with viruses, Trojans, Crypolockers or links to harmful sites on behalf of the account owner is becoming more sophisticated. People tend to trust emails from the known accounts, which makes them more dangerous, particularly when you have banks using email to allow customers to reset their passwords or internal business emails that request for payments to be made.”

How can we defend ourselves?

A common solution that is recommended to email account holders is to change the password. While having a more complex password does minimise the threat of direct account hacking, Haybatov stresses it is not enough.

“Security solutions need to be all-encompassing and businesses must ensure they take the proper precautions to protect consumer data,” Haybatov say. “The general trend in Europe is towards giving the customers an option to control what sort of personal data the businesses require and can access. European legislation forces businesses to protect customer data including emails, or face huge penalties (up to 10M Euros) and Australia and New Zealand should follow suit, including immediately disclosing all customer data leaks.”

According to Haybatov, businesses need to think beyond perimeter protection, amd adopt solutions that protect data itself using robust encryption technology.

“Focusing on solutions that provide end-to-end uninterrupted encryption is also critical,” Haybatov says. “Most email providers do not provide that at the moment because customers are not demanding it.”

Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Fast track your digital transformation with dynamic security services from Fortinet
Jon McGettigan, Fortinet A/NZ Regional Director, explains how enterprises can speed up their network service delivery programmes by embracing Fortinet’s dynamic security services.More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More