People Trust Insecure Email Way Too Much

(Lifehacking update: Finished the analog side of a TENS device, just a
3W drugstore speaker’s amplifier feeding the low-impedance side of a 5€ 10:1 audio output transformer. No idea if it works yet — haven’t tested it, still need to generate the appropriate WAV files — but the idea of killing pain and the like by (harmlessly) making nerves go numb through electricity sounds too cool.)

I’m torn on whether this is news or not. On one hand, we all know about people sending felonious stuff over plaintext email.

On the other, compromising a senior executive’s email at ~60% of large organizations would cause that organization to lose the trust of their customers and employees.

(The study doesn’t specify whether that’s losing some or all trust.)

And only 26% of companies use two-factor authentication for access to their mail.

http://www.net-security.org/secworld.php?id=13178

“The majority of respondents reported that highly sensitive information about their corporate strategy or customer base is communicated via email. For 80% of respondents, the only thing standing between an attacker and this email communication is a username and password.[…]

If information from a senior executive was compromised, respondents surmised the top three impacts to their business would include: Public Embarrassment/Hit to Company Reputation (59%) Lost Trust Among Customers (54%) Lost Trust Among Employees (49%)[…]

For larger organizations, Public Embarrassment was seen as a potential impact for 73% of respondents with Lost Trust Among Customers at 57% and Lost Trust Among Employees at 61%. For nearly one-third (30%) of respondents, these impacts translated into potential Lost Shareholder Value.

74% of respondents were either not at all confident or only somewhat confident that their existing security precautions are adequate to prevent an attacker from penetrating their company email system. Further, 80% said that that if a bad guy obtained an employee’s username and password, he could gain access to at least some users’ accounts.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: