Last month it was reported that hackers, purportedly linked to China, had gained access to email accounts at over twenty organisations, including some US Government agencies. This was cause for concern as it was seen as the latest in a series of cyber-espionage attacks targeting government infrastructure in the US and its Western allies.
In recent years, the scale and sophistication of state-funded attacks has increased, with the US claiming the Chinese government is behind repeated attempts to compromise sensitive network data. China denies the allegations and counterclaims that the US and its allies are targeting China’s digital infrastructure.
In this latest attack, hackers leveraged a weakness in email security and gained access to email accounts in US state and commerce department organisations, among others, thanks to a vulnerability in Microsoft’s cloud computing environment (a threat that has now been mitigated according to Microsoft). The problem is, the hackers had already been operating under the radar for some time, having gained access a month prior to Microsoft beginning its investigation. In this instance, access was gained by forging the digital tokens used to authenticate users on the internet.
As malicious or sophisticated as this hack may have been, it is the latest in a long list of successful attacks that highlight the importance of email security, how vulnerable email is as a channel for sharing sensitive information, and how effective it is as a vehicle for delivering malware.
Email security is one of the genuine weak links in an organisation’s digital landscape. A 2022 survey found that over 90% of businesses had experienced a data breach as a result of a user either sending an email to the wrong person or attaching the wrong file. Hackers use a wide range of sophisticated attacks, from phishing to social engineering, to spoof or steal credentials and gain access to corporate assets.
Whilst email provides a convenient method of communication between geographically dispersed users, it should not be used as a vehicle for the exchange of sensitive or personally identifiable data. Secure file sharing applications, like SureDrop, provide a much more resilient platform for file storage and collaboration amongst teams.
Why SureDrop?
Whatever your organisation size or type, if you take file sharing and collaboration security seriously, here are five good reasons why SureDrop could be just what you’re looking for:
Information Security: You share personally identifiable, confidential or high-value data that, should a breach occur, could result in financial penalties, loss of revenues or brand reputation.
Compliance Obligations: Industry regulations, or internal IT policies, may prevent you from using public cloud-based “box” type applications because they fail to meet stringent security standards.
Secure by Design: You may be looking to implement a zero-trust architecture to protect your digital landscape and believe security should be a founding principle, not simply an afterthought.
Hybrid Workforce: Your users are geographically distributed, and you need a secure method of storing and sharing files across public or private infrastructure and a wide range of devices.
Data Sovereignty: Data protection mandates may dictate where your data is held and you need a solution that provides 100% control over file location, so you can guarantee data sovereignty.
