Editors' pick: Originally published July 28.
The breach of the Democratic National Committee's email by the website Wikileaks published a trove of over 20,000 emails. It reminds us of the urgency of concerns surrounding cyber security.
"No email that you've ever written is ever deleted. There's always a copy out there," says Stephen Ward, a vice president with Pinkerton, an expert in risk management and security who specializes (among other things) in electronic security. "So you should always use that common sense approach: If this is something that's groundbreaking for my company or it could change the world, should I send that in an email? Probably not."
One of the biggest problems with cyber theft, he explained, is the online data can't be destroyed. Once a user's secrets are released, they're gone.
Ask any security expert and he or she tell you email's single biggest point of vulnerability is its open platform.
"Email is the most popular tool for spreading malware, compromising organizations, or stealing personal information," said James Scott, a Senior Fellow with the Institute for Critical Infrastructure Technology. "A single compromised email account can be used to map the organization through mailing lists, to compile client lists and profiles through established correspondence, to accumulate sensitive information, and to target and compromise other user accounts."
The guts of this system have remained largely unchanged since the 1970s. While clients and interfaces have gotten more complex, the basic email architecture remains swapping plain text files.
According to Amir Husain, CEO if cyber security firm SparkCognition, most people broadcast highly sensitive information across a very public platform.
"Email is based on a text format. There is nothing about email that incorporates security or encryption," he said. "It's basically an open network based on trust. From that there is the huge benefit that anybody on the planet can connect with anybody else on the planet, but the downside is that you can have what many people perceive to be a trusted communication scheme contributed to by people with malicious intent."
User Error
Technical exploits account for only a small portion of a hacker's success. The biggest vulnerability on a network is us.
"Attacks that target the user, such as phishing or social engineering campaigns, have a ridiculously high success rate," Scott said. For example, when "phishing," thought to be how the DNC's server was attacked, hackers send out emails with a link to websites containing malicious software.
