Embed Size (px)
Citation preview
HOW MUCH CAN YOU TRUST EMAIL?The most significant risks and 3 sure ways to mitigate them
Many organizations focus on protecting against external attacks but ignore a threat that might be even more destructive: Email.
Theft of confidential data for corporate espionage, the disclosure of trade secrets, material for digital extortion or the release of private health information to the public can all be gained from email.
• The typical employee sends 30 EMAILS A DAY
• One out of every four corporate emails CONTAIN ATTACHMENTS
• The majority of emails, are openly sent and EASILY INTERCEPTED. 61% of employees admit sending confidential information through open email channels.
Email was the dominant communication mechanism in 2015 with over 116 billion business messages sent a day. That’s 116 billion chances for sensitive information to be intercepted – either with malicious intent or accidentally.
BY 2019, CORPORATE EMAIL ACCOUNTSWORLDWIDE WILL EXCEED 1.3 BILLION!
FINANCIALSERVICES
HEALTHCAREINDUSTRY
OIL & GASINDUSTRY
Over 59% of financial services companies hold significant amounts of financial, health and
personal information.
76.7% share the sensitive data they hold electronically
with business associates.
91% had at least one data breach involving the loss or theft of patient data, while
87% of their business partners experienced a
digital breach of private information.
70% of healthcare organizations worry most
about insider misuse.
Given the industry’s competitive nature,
highly-valued intellectual property, and broker
transactions ranging in the millions – the threat to email
is significant and very real.
43% ranked employee negligence as the top-ranked
security threat.91% 87%59% 76.7%
43%
HIGHLY REGULATED INDUSTRIES ARE PRIME TARGETS FOR EMAIL SECURITY THREATS.
FINANCIALSERVICES
HEALTHCAREINDUSTRY
OIL & GASINDUSTRY
Over 59% of financial services companies hold significant amounts of financial, health and
personal information.
76.7% share the sensitive data they hold electronically
with business associates.
91% had at least one data breach involving the loss or theft of patient data, while
87% of their business partners experienced a
digital breach of private information.
70% of healthcare organizations worry most
about insider misuse.
Given the industry’s competitive nature,
highly-valued intellectual property, and broker
transactions ranging in the millions – the threat to email
is significant and very real.
43% ranked employee negligence as the top-ranked
security threat.91% 87%59% 76.7%
43%
HIGHLY REGULATED INDUSTRIES ARE PRIME TARGETS FOR EMAIL SECURITY THREATS.
THE CONSEQUENCES OF FAILING TO ENCRYPT CAN BE SEVERE
857.7 MILLION records have been breached since 2005. This is the equivalent to roughly 86 million records breached per year, that’s more than 230,000 records breached on a typical day, and about 187,000 records lost per breach incident.
That’s alarming given the average cost of addressing a data breach tops $3.8 million US. The cost of a data breach varies by industry. The average global cost of a data breach per lost or stolen record is $154 US. However, if a healthcare organization has a breach, the average cost could be as high as $363 US. As a final comparison, a data breach due to human error or negligence costs $137 US per record.
• Notification costs: All necessary activities required to report the breach to appropriate personnel within a specified time period.
• Breach response costs: All activities required to notify data subjects with a letter, telephone call, e-mail or general notice that personal information was lost or stolen.
• The cost of providing credit-monitoring services for at least a year.
• Reputational damage.
• Loss of business.
• Negative publicity: Extensive media coverage, further damaging the organization’s reputation.
QUANTIFYING THECONSEQUENCES
HARDSHIPS ON CUSTOMERS
• A full 71% of fraud incidents begin less than one week after a data breach • $16 billion US stolen from 12.7 million identity fraud victims last year
HARDSHIPS ON BUSINESS
In addition to the costs for addressing data breaches:
• Class actions, regulatory and criminal investigations are here to stay, as well as individual actions resulting in damage awards. • Cyber Risk, Liability and Insurance — one which companies are paying top dollar for with the expectation they will inevitably take a hit.• Cyber Risk, Liability and Insurance market to hit $10 billion US by 2020.
Less than 50% of high
profile breach costs were
covered by insurance.
(Target & Home Depot)
<50%
Email encryption has been around for quite some time, yet the majority of corporate emails, are sent unencrypted.
WHY? Encryption methods such as PGP, TLS, S/MIME, Encrypted PDF/ZIP,
and PKI are all valuable, however, individually, none of the methods can respond to the demands of users.
By offering users CHOICES, not LIMITATIONS, you dramatically improve experience, security and
enable new business opportunities.
HOW DO YOUSOLVE THE PROBLEMS?
WARNING!WARNING! Some encryption solutions lack efficient automation and so do not offer the ability to easily define and apply policies.Some encryption solutions lack efficient automation and so do not offer the ability to easily define and apply policies.
Identify privileged communications, as well as content that could harm your organization's reputation if intercepted. This includes
financial projections or statements, and email messages that contain confidential information like bids, intellectual
property, medical records or personal data.
This email content represents the majority of risk in most organizations and is easy to address using policy based encryption triggers.
Policy Based Encryption (PBE) protects email in a way that’s transparent to users. PBE scans for keywords, regular expressions, lists, and
attachments based on pre-defined definitions to identify elements at risk, such as credit card numbers, medical information, etc. and then automatically encrypts as required, eliminating the human element.
STEP 1:FOCUS ON OBLIGATION TO PROTECT DATA
WARNING!WARNING! Some encryption solutions lack efficient automation and so do not offer the ability to easily define and apply policies.Some encryption solutions lack efficient automation and so do not offer the ability to easily define and apply policies.
Identify privileged communications, as well as content that could harm your organization's reputation if intercepted. This includes
financial projections or statements, and email messages that contain confidential information like bids, intellectual
property, medical records or personal data.
This email content represents the majority of risk in most organizations and is easy to address using policy based encryption triggers.
Policy Based Encryption (PBE) protects email in a way that’s transparent to users. PBE scans for keywords, regular expressions, lists, and
attachments based on pre-defined definitions to identify elements at risk, such as credit card numbers, medical information, etc. and then automatically encrypts as required, eliminating the human element.
STEP 1:FOCUS ON OBLIGATION TO PROTECT DATA
When IT professionals were asked to rate the end user experience for encryption, only 17% agreed that encrypted emails are easy for
people to open.
When IT professionals were asked to rate the end user experience for encryption, only 17% agreed that encrypted emails are easy for
people to open.
For email encryption to be accepted and used across an organization,you need to deploy transparent solutions; recognizing that
users will follow the path of least resistance, encryption solutions should adapt to your environment and be user experience driven.
THE BEST ENCRYPTION SOLUTIONS WILL:
• Cover all business use cases - offering both push and pull delivery: TLS, Encrypted PDF, Encrypted ZIP, PGP and S/MIME, and web portal pickup.
• Support the full range of mobile devices with built-in OAuth options: Google+, Live, O365, Facebook, LinkedIn, Salesforce.
• Include customizable multi-tenancy encryption policies and branding options. Brand is critical to reputation. It gives your recipients confidence
that the email being sent is legitimately yours.
STEP 2:FOCUS ON DRIVING USER ADOPTION
Cost and ease of key administration can vary between solutions.
Some encryption solutions offer basic key management that require on premises infrastructure and dedicated IT staff to manage, while
others offer adaptive solutions that provide fully managed on premises, cloud and hybrid deployment models.
Echoworx's OneWorld encryption makes implementing these three steps easy. For more information or to book a demonstration visit
our website. https://echoworx.com
STEP 3:FOCUS ON REMOVING THE COMPLEXITIES
OF KEY MANAGEMENT
SOURCES:Ponemon Institute's 2015 Global Cost of Data Breach StudyPonemon Institute's Benchmark Study on Privacy & Security of Healthcare DataTechnavio 2015-2019 Global Email Encryption Market ReportAon: Trend Snapshot for Financial Institutions 2014Opswat: White Paper Protecting the Oil & Gas Industry from Email ThreatsJavelin Strategy & Research 2015 Identity Fraud Study
About Echoworx
Since 2000, Echoworx has been bringing simplicity and flexibility to encryption. Echoworx’s flagship solution, OneWorld Enterprise Encryption, provides an adaptive, fully flexible approach to encryption that ensures the privacy of sensitive messages. Enterprises investing in Echoworx’s OneWorld platform, are gaining an adaptive, fully flexible approach to encryption, creating seamless customer experiences and in turn earning their loyalty and trust.
