The World Is Scary And Full Of Leaks

by | Apr 30, 2020 | Behavioral InfoSec, Email Market, Email Tradecraft, Executive Email Security

Prickly But Not Impossible

There is a prevalent misconception that security is definite: a state that either is or is not. That’s not true. Security is simply increasing the difficulty of compromising something and, equally, decreasing the risk of damage from attackers. Have you heard of how long it would take to crack password X? It’s a fun exercise, estimating how long it would take to brute force a password, and it is an excellent example of the reality of security. Given infinite time and resources, no password is safe forever. Security, therefore, is a characteristic of making it hard for an attacker to do a bad thing like crack a password, not preventing said bad thing from ever happening. This is an important concept to understand. Security is never a problem with a binary solution. It is an answer to a formula: I need it to take more than X time with X resources to compromise my system.

Prickly To The Enemy, Not Your Users

Imagine a triangle. On its points are, in order: cheap, easy, secure. You can choose two qualities for your system to have. That is the nature of security. If you want something to be secure, it will be either expensive or hard to use, which is possibly the greatest challenge facing communal security. Adopting good security is usually difficult or expensive, emphasis on difficult. Imagine a door without bolts. It is very easy to use: push on the door and it opens. It is very usable, but not secure at all. Now imagine you line the edges with locks. It is extremely secure, but it is not usable because it takes 20 keys and 45 minutes to open. This is one of the greatest pitfalls of security. The more secure something is, the more of a hassle it becomes, which causes people to move towards what is usable. That is a balance Enveloperty strives to have.

Prepare The Bilge Pumps

As mentioned above, security isn’t a tree to be chopped down once and forever. It is keeping the sea at bay, a constant and evolving contest. Evidence of this is here: emails being innocuously leaked to third parties. This demonstrates the continuous nature of email security. Email security is regarded by many as a non-priority. We believe this is mainly because they don’t understand how valuable their email is. People and organizations don’t recognize the tremendous havoc that can be caused through phishing or compromise.

The leaks in the article also show how, in security, things don’t go how you think they will. The whole point is to do what the defender isn’t prepared for, which is why Enveloperty is so vital. Attackers build labs and test against filters until they find a way through. A hard left gets them through the filter, but they need to take a hard right to get through Enveloperty. When filters and Enveloperty are paired together, they create a painstaking barrier for attackers to pass through.