infoTECH Feature

March 26, 2015

Unsecured Email Is One of Our Largest National Security Threats

While Hillary Clinton, Marco Rubio and Jeb Bush scramble to assure reporters that their use of personal email for government business was secure, the verdict isn’t in yet on whether computer security experts agree. We do know the practice of using personal email for business – whether in the political or corporate world – is widespread. Unfortunately, using private or hosted email is almost exactly like sending one’s private emails as postcards in the U.S. Mail: any attacker can easily get the email and read it.

Hillary is just the latest political figure to have the spotlight on her email habits. Whether Colin Powell’s extensive use of personal email during his tenure as Secretary of State, or President George W. Bush and Governor Sarah Palin’s (both saw their emails stolen and leaked between 2008 and 2013), the email accounts of government figures are under constant attack – and not just by the novice hackers who successfully compromised Bush and Palin’s accounts.

Threats abound in both the public and private sector: a recent survey found that one-third of U.S. government officials sometimes or often use personal email for official communications. And both consulting firms and news reports consistently suggest personal email usage for business matters is widespread among the corporate world, including CEOs. Many executives at public companies don’t realize that under the Sarbanes-Oxley Act, they risk federal prosecution for the use of personal email – particularly if company information was compromised. Similarly, little attention is paid to the fact that for services like Gmail and Office 365, dozens and even hundreds of system administrators can easily access their email, increasing the likelihood of a breach or leak. Meanwhile, even when organizations strictly use official email, threats from unsecured or half-secured networks abound: cyber security has never been more important, and leading IT security firms nearly unanimously cite email-related attacks and leaks as among the biggest threats to organizations of all sizes.

Email is arguably our most vulnerable, most-targeted and most common online activity – and it’s increasingly the first point-of-entry for attacks in the new normal of cyber warfare. Consider the threat of a cyber “Pearl Harbor,” a catastrophic attack on crucial U.S. networks long warned of by the defense community, including former Secretary of Defense Leon Panetta. With the 78 percent year-over-year increase in personal data records compromised in 2014 (more than one billion personal data records), unsecured emails are one of the weakest links for any organization. As Panetta warned in 2012, hackers “could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Last year’s Sony Pictures hack was one of the early battles in an all-out cyber war. Terrorists, rogue countries and “mom-and-pop” hackers aim to inflict significant costs and pain on individuals and institutions for financial gain, activism, military advantage, and in some cases, no reason at all. Meanwhile, perhaps more than any cyber attack in history, the Sony Pictures hack has underscored the importance of protecting both email and data centers. Not only did the hackers steal all the emails and post them online, but they also disabled 75 percent of Sony Pictures’ servers, making it impossible for the company to operate.

In the interest of customers, national security, and yes, the bottom line, companies – and our government leadership – must invest in leading edge encryption and security best practices. These include:

  • Adopting the best and latest in encryption technology and protecting all data within the data center: encryption should be policy-based, with limited access for a minimal number of employees
  • Protecting all email using the best and latest in encryption technology that works inside and outside the firewall. With new technology, companies can shred email whenever needed, no matter where the email has been forwarded
  • Forgetting the single password: Employees should use both their password and their mobile device to login, also known as Multifactor Authentication
  • Adopting the best and latest technology for firewalls to protect computer systems

Failing to invest in the best possible encryption technology is a losing strategy for organizations of any size and consumers. It’s well known the Internet wasn’t designed with security in mind, and email certainly wasn’t. Cyber threats and digital warfare are the new norm, but unless corporations, government officials, and individuals take responsibility for securing our digital networks – as well as safeguard our most vulnerable activities, starting with email – events like the Sony Pictures Hack could be considered a canary in the coalmine for the vulnerable state of our online communications. 

About the Author: Richard is an industry veteran, executive, and technologist. Prior to joining PivotMail, he was CEO and President of Vormetric for 5+ years, leading the company from a small company to becoming the leader in Data Encryption and Key Management for the Enterprise, Virtual, and Cloud Environments. Richard grew the company to a 43 percent growth rate with four years of profitability. Previously Richard was Sr. VP of Products for Siebel Systems (News - Alert) ) where he was responsible for driving product strategy, direction and execution for over $1 billion of revenue products. Prior positions include VP of Marketing at Claris (Apple’s  software company) and VP of Databases at Borland. Richard attended MIT (News - Alert) for five years and has a B.S. and M.S. in Computer Science and a Master’s degree in management from the MIT (News - Alert) Sloan School of Management.




Edited by Dominick Sorrentino
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers