One of the largest gaps in our security is email. An example from a recent experience reported in Business Week highlights the risks:
“The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as “Poison Ivy” designed to suck sensitive data out of the $4 billion consulting firm’s computer network.
The Pentagon hadn’t sent the e-mail at all. Its origin is unknown, but the message travelled through Korea on its way to Booz Allen. Its authors knew enough about the “sender” and “recipient” to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China’s Yangtze River.” [Source: Business Week April 10, 2008]
When you consider why we use email so much in business you realise that it is mostly used as a collaboration tool. But we are using a collaboration tool that does not enable us to ensure the identity of the other party. This does not seem secure or sensible now that we have viable online collaboration tools.
Given the risks inherent in normal everyday email communications isn’t it about time we started coming up with alternative collaboration techniques for business?
For the record I should note my deep and abiding dislike of email. I firmly believe it to be a primitive and inefficient means of communication.
By Carruthers via Aide-mémoire