Business Email hacking is on the rise. What are the chances of your business’s emails getting hacked?
Cybercrime is big business
Due to increases in cyber crime and regulation Businesses, now more than ever, need to secure their data. In fact, according to a 2013 Europol Serious and Organized Threat Assessment the “total global impact of Cyber crime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined Gartner predicts that in 2015 the global business community will spend just under $77 billion defending itself against cyber crime.
Many cyber criminals do not target specific information so much as they target a specific organization – they may target its website, Emails, database servers or production servers hoping to get whatever they can. In 2014 90% of large organizations reported that they had suffered a security breach and for smaller organizations the occurrence was 74%. The cost of breaches is on the rise too – starting costs for the large organization in the UK is £1.46m and for smaller organizations its £75k. As a result, the cost of cyber insurance is also on the rise.
Emails are not going anywhere
Even with the growth in the number of messaging applications in the market emails are still the first line of communication between many organizations. There are over 1 billion business email accounts sending in total 75 billion emails on a daily basis.
Generally, email hacking happens during two stages:
- In transit; and
- At rest.
And they live for a long time!
The length of time an email is in transit for is generally under 2 minutes whereas the time an email is at rest is significantly longer; businesses subject to regulation usually need to keep emails for between 6 and 7 years. They’re filed away, accessed sometimes but they’re always there. Even when an email is deleted it is not necessarily gone – in most instances the email is simply deactivated on the database. Furthermore, there’s no way to definitively know if an email has been deleted or deactivated as it depends on which service provider manages your business’s emails etc. Therefore businesses should err on the side of caution, presume each email will live forever and protect that data as such.
Protecting emails and data
Businesses spend most of their time and energy on protecting emails while they are in transit using the traditional SSL method and then rely on firewalls to protect all files, attachments and at rest email data on various servers and databases. This is an expensive and inflexible solution, which doesn’t protect emails all of the time – remember the Sony Pictures hack in 2014?
With the arrival of the Cloud some businesses looked for an encryption solution that complimented their cloud email and deployed the email provider’s end-to-end encryption solution however it’s not perfect as the providers also store the email data and attachments so a cyber attack on the business or their email provider could compromise all their data. As a result, businesses need to be sure of the robustness of the provider’s IT infrastructure as well as their own.
Some businesses deploy secure portals to send specific and sensitive data outside their organization but this is time-consuming and interrupts the email flow completely. One business could be invited to many such portals by a number of partners/advisors etc. and managing this access takes its toll on the business – imagine if every single time you needed to secure email data it took you 10 minutes to do so? For a typical US law firm with 100 employees, this problem could potentially cost up to $1.4M / year in lost productivity.
The problem with protecting emails
The problem that affects many of the world’s 1 billion business email users is that securing their email data takes time and money and this problem is magnified with the rise of employees using their personal mobiles for work emails (which can often bypass the business’s controls) and when the employee leaves the business the business has no control over that data. As a result businesses are losing control of their email data but the focus of businesses is with wider cyber security, they don’t consider the fact that emails are stored and are as likely to be hit as any other information belonging to a business in the event of a cyber attack.
And it doesn’t end there…your business may put in place rock-solid security measures to protect all its data, including its emails, but most email traffic is to destinations external to your business. Remember what happened to Hacking Team when it was (ironically) hacked in July? Ethics aside, the businesses and regimes that had interacted with Hacking Team had all of their emails leaked as a result. Do you know how robust the recipient’s security system is?
Your business IS going to be attacked
As businesses rush to comply with new regulations, maintain competitive advantage and meet customer demand security infrastructure tends to get pushed to the bottom of a growing pile of tasks. At the same time cyber crime is becoming ever more sophisticated and aggressive – if over 74% of organizations have been the subject of an attack in 2014 then it is only a matter of when and not if your business will experience a security breach. The real question is – is your business ready?
The post Email Hacking – Is your business at risk? appeared first on Jumble.
