Achilles Heel of Email
Think Stock
www.cloudnician.com by
James O. Grundvig
EVOLUTION OFEMAIL
2
Route 80 ProjectNorth Jersey
NJ-DOT HQTrenton, NJ
12 kb file(Cover Sheet)
1 9 9 2Email Replaces Fax One Page at a Time
20 Minutes – 60 Miles
Think Stock Think Stock
3
10 million email accounts 16 million Internet users 25,000 websites Dial-up Internet Service
THE BIG BANGINTERNET
1 9 9 5Netscape’s Web Browser Opens the Internet
Think Stock
4TIMELINE
TSUNAMI OF SPAM EMAIL
SPAM
E V E NT
2004 2009 2013
Spam costsfirms $130
billion5
Spammers arrested
DropBox Users complain of Spam
1995
10m email
3.6 B email
Email Accounts
Think Stock
5
SOCIAL ENGINEERINGOF EMAIL
2 0 1 2Hackers Exploit People
Your friends can be used against you
Think Stock
People are the weak link Data Trolls your online life 29% of cyber attacks are conducted via email
DE-EVOLUTION OFEMAIL
6
Think Stock Think Stock Think Stock
BRIGHT IDEAOF EMAIL…
1 to Many Communication
Send Attached Files
Become more productive but. . .
7Think Stock
8
15 hrs week
$28,000/yrLost time
918 million corporate email accounts 105 emails sent per user
INEFFICIENCYOF EMAIL
300 million emails sent each day are “poison darts” 37% users don’t reply to email Email wasn’t designed to be collaborative
9
DATA BREACH COSTSTELECOM GIANT
“High-tech spies managed to infiltrate Telenor’s extensive security network and empty the contents of the top executives’ personal computers.” – Afterposten 3-17-13.
Telenor
$18B
31K20
monitor traffic 1open
zip file
Rev.
Employ.
The Hack
10
MORE DATA BREACHESBY EMAIL
2012 Attacks
- 68.2% done by hackers
- 267 million records exposed
- 1 email exposed S. Carolina’s 3.8 million tax returns
- Evernote didn’t follow own training: employee opened “reset” password email (4-19-13)
11Think Stock
HEALTHCAREEXPOSURE TO EMAIL H
12
BOSTON MARATHONBOMBING
Wounded Suspect brought to Beth Israel Deaconess MC…
HallsEmpty
Police Lockdown Hospital
What if a Terrorist launched aCyber Attack on the IT Systems?
H
Think Stock
13
Patient Privacy& Data Security H
$2.4 million (2-year) avg. cost to organization in PHI 45% claim >5 breaches (up from 29% in 2010) 2,769 stolen records/breach
75% don’t secure medical devices contain patient data
94% have leaked data
14
WHICH PATIENT DATABREACH IS WORSE? H
Class-Action lawsuit Glen Falls Hospital NY
Class-Action lawsuit 22 Florida Hospitals
Wyoming Doctor’s personal email exposes 2,900 patient records Oregon H&SU hacked twice in same year
2 Breaches, 2 States, 2 Hospitals, Same Day – Utah & Mississippi
15
CAN WE SECURE DATA?
Patie
ntDa
ta
ePhish trainingwon’t work
Think Stock
16
SEPARATION OFEMAIL & STATE
EMAILSERVER
Off-PremiseCloud
Corporate IT Network(on-premise)
External Communication
FIREWALL
Few Employees have email
Is this the New Paradigm?
17
NEW CHALLENGEOF BYOD
Off-PremiseCloud
DB1
DB3
DB2
- Remote locations- Multiple devices- How do we Secure?
Think Stock