The damage of Microsoft’s recent email hack continues as criminal groups rush to take part in the action, exploiting vulnerabilities and compromising victims before it is secured.
The attack targeted flaws in email software that allowed criminals to steal valuable data due to the lack of end-to-end encryption (E2EE). Unencrypted email, unless PGP, is just a sitting target if your server gets breached, much like Microsoft’s. An increasingly attractive target too, when you consider the average office worker spends 40 emails per day.
<p>The Exchange vulnerability is really unfortunate, but what’s really terrifying is that the vast majority of the exposed mail folders will have been unencrypted. Email is no longer fit for purpose – it’s slow and cumbersome, and even after decades end-to-end-encryption is not the norm.</p> <p> </p> <p>Real-time collaboration and messaging, with end-to-end encryption, gives organisations a far more secure way to communicate. Even if a similar server-based breach occurred, data would be encrypted and therefore unreadable to malicious third-parties. </p> <p> </p> <p>This reality is here today. Any Matrix-based service, for instance, can be end-to-end encrypted by default. We have governments using Element, precisely because it offers end-to-end encrypted collaboration. </p> <p> </p> <p>But buyers need to do their due diligence. More traditional collaboration tools, like Slack and Microsoft Teams, are not end-to-end encrypted – and as a result, are very attractive honeypots for attackers.</p>