Intercepted emails in times of big data – the underestimated threat
Tips & Best Practice | 29. AUG 2019
Nearly daily news of cyberattacks on companies reaches us. Strangers obtain access to internal company networks and tap data or manipulate the infrastructure. In 2016 several German DAX companies formed a cyber security organisation (DCSO) to share information in the fight against hackers. Every irregurality in user and server behaviour is tracked/captured, every suspicion is pursued. In some companies not a single line of code gets out without triggering alarms.
In contrast, business data that is transferred externally is often not protected very well, if at all. Security measures for internal networks don‘t include emails as data in transit.
Emails per se lack security: if they‘re neither digitally signed nor encrypted, they can be spied on and manipulated without leaving traces. Whoever has access to the data lines or mobile networks that emails are transmitted through is able to read them. Many businesses neglect this issue since attacks are invisible and leave no traces.
Encryption projects are on the agenda of all businesses, but often get postponed over several years. Even Snowden‘s revelation of daily mass data surveillance by secret services – which is also used for economic and indusdtrial espionage – did not change much.
However an attack on emails through the internet can be executed with a mere fraction of the required effort compared to recent attacks on DAX companies associated with the feared Chinese hacker group “Winnti“.
In times of big data, cyber criminals are not on the lookout for a single email which contains the most sensitive information of highest value. The entire email traffic of businesses is captured, copied and analyzed. Big data software allows easy filitering and automated profiling. The results can also be used to determine where the next elaborately orchestrated attack on internal infrastructures would be the most rewarding.
Businesses that believe they can keep postponing their email encryption projects could soon experience an unhappy awakening.
Z1 SecureMail Gateway automatically secures emails in internal and external networks. Place your request today.