Expert Views: Microsoft Exchange Is Not The Issue, Email Is

The damage from Microsoft’s recent email hack continues as criminal groups rush to take part in the action, exploiting the vulnerabilities and compromising victims before systems are secured.

The attack targeted flaws in email software that allowed criminals to steal valuable data due to the lack of end-to-end encryption (E2EE). Email, unless it is encrypted with PGP, is just a sitting target if your server gets breached, much like Microsoft’s. It is an increasingly attractive target too, when you consider that the average office worker sends 40 emails per day.

Matthew Hodgson, CEO
InfoSec Expert
March 10, 2021 1:32 pm

The Exchange vulnerability is really unfortunate, but what’s really terrifying is that the vast majority of the exposed mail folders will have been unencrypted. Email is no longer fit for purpose – it’s slow and cumbersome, and even after decades end-to-end encryption is not the norm.

Real-time collaboration and messaging, with end-to-end encryption, gives organisations a far more secure way to communicate. Even if a similar server-based breach occurred, data would be encrypted and therefore unreadable to malicious third parties.

This reality is here today. Any Matrix-based service, for instance, can be end-to-end encrypted by default. We have governments using Element, precisely because it offers end-to-end encrypted collaboration.

But buyers need to do their due diligence. More traditional collaboration tools, like Slack and Microsoft Teams, are not end-to-end encrypted – and as a result, are very attractive honeypots for attackers.

Information Security Buzz