+++ press release +++

Email in the post-firewall era: how companies can still protect themselves

Berlin, 14. October 2016

Since the last summer, NSA tools have been available on the internet that can hack firewalls and VPNs—major-provider systems previously rated as secure—without detection. With these NSA tools, attackers can achieve unlimited access to any company’s data. Only professional, extensive encryption can provide genuine protection. When it comes to security, email poses especially particular demands.

The organization that offered the new NSA hacking tools online for 1 million bitcoin on August 15 calls itself the “Shadow Brokers”. The entity leaked other functional individual elements free of charge at the same time. In the US media, former NSA employees have attributed the development of these tools to the NSA, an opinion shared by Edward Snowden via Twitter.

zertificon auf der it-sa 2016

Targeting of small and medium-sized enterprises
Software is easily copied and can be used an unlimited number of times. Therefore, it follows that the price of the NSA tools on the black market will fall in the medium term. Greater availability of this spy software means that larger firms are not the only ones who need to worry about being targeted by cybercriminals, but small and medium-sized businesses as well.
The seriousness of this matter is underscored by the German federal government’s evaluation of the tools: “The Federal Office for Information Security (BSI) has tested the ‘freely available hacking tools’ for plausibility and has come to the conclusion that these are both functional and, to a certain degree, previously unknown tools.”

Professional encryption protects sensitive data
As powerful as the NSA tools may be, they can be defeated by professional encryption solutions.
With Organizational End2End, the Berlin-based encryption specialist Zertificon has developed a product for businesses that makes the time-consuming and error-prone process of end-to-end email encryption simple and reliable. Zertificon’s Organizational End2End encrypts all emails so that document security is ensured behind the system firewall, on servers or in mailboxes. This type of solution would have rendered, for example, the Bundestag hack in summer of 2015 ineffective, as encrypted data are worthless to cybercriminals—effective protection even from NSA tools in the post-firewall era.