From Zero to 200 Billion
Email has been one of the most important inventions of our time.
Love it or – as many do – hate it, we get dozens to hundreds of them a day. They travel at the speed of light, across oceans and continents. They power the communications of businesses large and small, families and friends, NGOs and governments alike.
When Ray Tomlinson sent the first email back in 1971, it was far cry from the complex and advanced email that we see today. Microsoft (born in 1975), Apple (1976) and certainly Google (1998!) didn’t exist. Computers were still thought of as things that “no-one would want in their homes”. The first commercialized version of the modern fax machine was introduced in the mid-1960s.
A single email today can carry more megabytes than Ray’s computer had (and cost over 200 thousand in 1970 dollars). Email clients such as Gmail, Outlook and others provide a feature rich experience, connecting email with meetings, schedules, tasks, reminders, groups, notes and more to keep us organized, productive and informed. Over 200 billion emails are sent per day.
And yet, more than half of those emails are spam or have malicious intent in some form.
Early Spam
Spam has been around for a surprisingly long time.
In fact the first bulk Unsolicited Commercial Email (UCE) was sent on ARPAnet in 1978. The first documented online use of the term spam was in 1993. At first, spam was harmless, advertising businesses or controversial ideas. By the 1990’s it was becoming a problem, enough to get the first rudimentary spam blockers up and running to block junk emails. One of the first systems was called MAPS or Mail Abuse Prevention System, which tracked the (IP) addresses of senders and could well be considered the dawn of email security era.
Earliest Attacks
While through the 1990’s spam was generally harmless unsolicited email, it became a more substantial threat as the 21st century dawned.
In the year 2000, the ILOVEYOU worm and its strains infected an estimated 45 million computers (and a significant percentage of all operation computers at the time) and caused an estimated $30 billion in damage (in today’s dollars). This was an important event, as it highlighted the vulnerabilities of email while it was still gaining the widespread adoption that it knows today. In the early 2000s, a few arrests were made, and laws and technology were introduced, aimed at curbing spam and email-based attacks. However, the incredibly low cost and the highly profitable nature to execute them, ensured that the number of spam emails skyrocketed through the early 2000s.
It is estimated that over 50% of email today is spam, and it costs each individual employee more than $1000 per year in lost productivity.
Spam Today
Spam today costs businesses in the billions of dollars each year. These costs include not only the impact of attacks, but lost productivity, costs to internet service providers, admin time, and filtering costs. Now, with many effective solutions available to filter out the huge majority of spam email, more targeted threats have begun to gain popularity among cyber criminals. The threats getting through to users today are becoming increasingly menacing and negatively impactful.
The Role Email Plays in Cyber Security
Most attacks begin with email, whether as spam, fraud or phishing.
The exact number fluctuates, but a variety of reports point to email as being the top entry point. There are other entry points onto a network. Code on a malicious website is one way. Remote access is also possible if a connected system is vulnerable. Connected devices (such as Internet of Things or IoT devices) can present another vulnerable entry point. USBs can be connected to your computer to install malware. And there are more. In many of these cases though, the combination of it being difficult to execute these attacks and technological advancements have dramatically limited the effectiveness of these attacks.
Email has been a vulnerability for many organizations for a very long time, and when combined with social engineering and cyber-assisted crime, criminals can exploit the untrained eye and uniformed user to launch large scale attacks.
In 2004, Bill Gates infamously declared that within 2 years, spam would be a thing of the past. Today estimates are that Spam email makes up between 40%-60% of all email sent. It is estimated that the cost of Spam may reach over $250 billion per year if current trends continue. And it’s become much more sinister.
When John Podesta, Chairman of Hillary Clinton’s 2016 Presidential Campaign, reset his password via a phishing email, he not only set off a string of events that played a part in the Democrats losing the 2016 presidential election, but he also unwittingly set off a significant shift in the public perception of email threats. No longer were spam and phishing emails only a threat to everyday productivity, but they had also become a clear concern to national security. Contemporary to this seismic shift, criminals were also becoming more resourceful at extracting direct profits from new threat vectors. Cryptolocker, for example, is a ransomware which infected 500,000 machines, and spread primarily through email.
These more technical attacks aren’t the only ones that have had an impact. So many small and medium sized businesses have fallen for email based scams, especially Business Email Compromise, where someone impersonating a supplier, partner or other stakeholder requests urgent funds – and other forms of fraud perpetrated through email. Google and Facebook have lost millions to these scams. So have people purchasing real estate. And so many more. These attacks are costing people billions per year according to the FBI.
Building Awareness
Many of these attacks can be attributed to human error or a simple lack of awareness. It is for precisely this reason that we built this email security awareness program. We hope after completing this program you will be armed to ensure you and your organization won’t be the next victim.
Prefer to take our email security
program by email? Subscribe here:
