Expert Views: Microsoft Exchange Is Not The Issue, Email Is

The damage of Microsoft’s recent email hack continues as criminal groups rush to take part in the action, exploiting vulnerabilities and compromising victims before it is secured. 

The attack targeted flaws in email software that allowed criminals to steal valuable data due to the lack of end-to-end encryption (E2EE). Unencrypted email, unless PGP, is just a sitting target if your server gets breached, much like Microsoft’s. An increasingly attractive target too, when you consider the average office worker spends 40 emails per day.

Experts Comments

March 10, 2021
Matthew Hodgson
CEO
Element

The Exchange vulnerability is really unfortunate, but what’s really terrifying is that the vast majority of the exposed mail folders will have been unencrypted.  Email is no longer fit for purpose - it’s slow and cumbersome, and even after decades end-to-end-encryption is not the norm.

 

Real-time collaboration and messaging, with end-to-end encryption, gives organisations a far more secure way to communicate. Even if a similar server-based breach occurred, data would be encrypted and therefore

.....Read More

The Exchange vulnerability is really unfortunate, but what’s really terrifying is that the vast majority of the exposed mail folders will have been unencrypted.  Email is no longer fit for purpose - it’s slow and cumbersome, and even after decades end-to-end-encryption is not the norm.

 

Real-time collaboration and messaging, with end-to-end encryption, gives organisations a far more secure way to communicate. Even if a similar server-based breach occurred, data would be encrypted and therefore unreadable to malicious third-parties. 

 

This reality is here today. Any Matrix-based service, for instance, can be end-to-end encrypted by default. We have governments using Element, precisely because it offers end-to-end encrypted collaboration. 

 

But buyers need to do their due diligence. More traditional collaboration tools, like Slack and Microsoft Teams, are not end-to-end encrypted - and as a result, are very attractive honeypots for attackers.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.