Have you seen the mail I just sent?
In 1971 the first ever One Day International cricket match was played, the Nasdaq stock exchange was founded, and Led Zeppelin first played Stairway To Heaven. It was also the year the first electronic mail was formalised in Request For Comment (RFC) 196 through what became known as the Mailbox Protocol. Ironically, this protocol was never implemented, but it started a flurry of RFCs through the 70s into the 80s, ending with Simple Mail Transfer Protocol (SMTP), a protocol we still use today.
Technology seems to go one of two ways: it’s either superseded quickly by something more secure or performant or, as in the case of SMTP email, it is good enough to seemingly exist forever.
Like most technologies and protocols traceable back to the early stages of computing, SMTP was written without security at the forefront of its authors’ thoughts. As a result, subsequent enhancements have been made to avoid pitfalls like spamming, man-in-the-middle and interception. But despite all of this, it’s still here and shows no signs of relenting, even with mobile phones, Teams, Slack and other platforms coming into our digital lives.
Email Security has been around almost as long as the concept of email, but arguably it still isn’t fixed. Something like 90%+ of all breaches still have origins in email. It’s not just an external attack vector either: with the amount of email we send and the swathes of data we include in them, it’s a real issue for data exfiltration, both intentional and unintentional.
We’ve all sent an email to the wrong person before and felt the overwhelming panic, haven’t we?
Traditional Email Security looked to address the technical aspect. Things like MTA records in DNS helped to try and stop spoofing, and later we saw similar DNS-based approaches like SPF, DKIM and DMARC to prevent unauthorised parties impersonating users, with sending domains only being enabled for, or accepting mail from, certain email relays.
We also saw the invention of email gateways. This meant funnelling our email traffic through a specific point and using software rules to check for nasty attachments, offensive content or unsolicited mails that Administrators wish to keep from their users’ inboxes.
But despite all that, email’s still a problem, and love it or hate it, that problem is here to stay. I currently have 68 unread potential problems in my inbox, and I’ve been online for 4 hours today already answering them!
Therein lies one of the predicaments: email is used extensively by human beings and, unfortunately, human beings can be duped far more easily than machines, and even the most adept earthlings make mistakes. Humans log in to email with credentials, memorable words or phrases, which are inherently less secure than other authentication means.
An email can be dangerous without a technological attack. Simply by being words on the screen, an email can misdirect individuals into mis-sharing information, phish them into clicking a hyperlink, or prompt them to reply when they should be deleting and ignoring.
HANDD work with vendors that help manage all of the aforementioned threats. With our Email Security solutions, your customers can trust that an email claiming to come from you will actually be from you, and your employees can be assured that advanced targeted email attacks can’t make it past your secure email gateway.
If you’re worried about Email Security in any capacity, then talk to our experts to learn why Email Security deserves higher priority in your security controls environment.
Get in touch via email info@handd.com.my or call us on +603 2935 9801.