This year marks the 50th anniversary of email, which kickstarted a rapid and unprecedented expansion and acceleration of communications across the world since its inception with the first electronic message sent by engineer Ray Tomlinson from one computer to another over a network. Below is a timeline overview, starting with the first email, to commemorate 50 years of technological evolution as well as best practices for keeping your email secure.
Exploring the History of Email Security
Even before the first computer-to-computer or networked email was sent, the concept of electronic mail was in the works. No technology magically appears in the world. For email, this prehistory came in the form of two individuals – Noel Morris and Tom Van Vleck – working on a program that enabled communication between mainframe computer users. This precursor was intended for the Compatible Time-Sharing System (CTSS) at the Massachusetts Institute of Technology (MIT); the CTSS Operations department used this system to inform users that file retrieval requests had been completed. Simultaneously, several other governmental and corporate systems were evolving on parallel paths, including the SDC’s Q32 operating system SDS 940, the U.S. military’s AUTODN system, and IBM’s CP/CMS. Ultimately, all of these projects would lead to the introduction of email in the early 1970s.
Then in 1971, Ray Tomlinson, a contractor working for the United States Department of Defense at the time, devised software for communicating over ARPANET, the government’s network that allowed computers to access centralized computing resources. Tomlinson was successful in sending a message – likely something like “QWERTYUIOP” – from one computer to another. Tomlinson also introduced the “@” symbol for use in email. It was a momentous occasion in the history of electronic messages. Fast forward to 2004, Google launched the first iteration of the now omnipresent Gmail, and Microsoft launched its Office 365 product in 2011. These cloud-native solutions, now the norm, revolutionized how organizations would do business. With email as the underpinning that led to this digital transformation, innovation continues.
Today, email’s use is pervasive, and it’s not going away anytime soon. In fact, there are over 5 billion mailboxes in use today. And many of us use more than one to communicate with our co-workers, our families and our friends. We use email to serve a multitude of purposes and without it, our lives wouldn’t experience nearly the productivity we attain through email.
The Rise of Email Cyber Threats
Email is a significantly important form of communications, collaboration and productivity tool with an estimated 4.1 billion email users worldwide send an estimated 320 billion emails daily.
Unfortunately, email is also a primary threat vector used by bad actors. In fact, according to the 2021 Verizon Data Breach Investigations Report, the threat posed by malicious emails took on an entirely new meaning with the use of phishing in successful breaches jumping to 36% versus 25% the year before. The use of ransomware doubled to 10% of breaches versus the prior year and even incorporated ransomware extortion tactics where attackers first exfiltrate sensitive data before encrypting files within the victim’s environment and use their possession of that data for added pressure.
Login credentials are utilized by bad actors as a relatively easier way to break into an organization’s environment by using the privileged access of a legitimate user. According to the Verizon report, approximately 58% of the spoils obtained by threat actors were legitimate credentials which is a path of least resistance for threat actors.
There’s also an increase in multi-vector attacks where attackers are using more than one threat vector as part of their efforts when targeting an organization. And finally, we are seeing the early indications of threat actors employing more sophisticated technologies such as AI and machine learning to aid in their efforts. The combination of all of these developments means that the future of email security must go beyond email to incorporate other areas of your security infrastructure. This means that email must be platform- or fabric-enabled to share Indicators of Compromise or IoCs across infrastructure while automating workflows including Incident Response to take the burden off of security operations teams.
Email Security with Fortinet’s FortiMail
Fortinet provides advanced protection for email through the Fortinet Security Fabric, safeguarding organizations’ valuable data, employees, and productivity. With the ability to work seamlessly with any existing email infrastructure investment, Fortinet FortiMail can help organizations guard against the full spectrum of email-based threats.
The interconnected nature of mission-critical business operations and email security is fundamental to digital transformation. Although email is now 50 years old, it remains young when viewed through the lens of communications history. Looking toward the future, organizations must ensure that they protect these communications to ensure robust data security and privacy for years to come with solutions like Fortinet’s FortiMail.
Photo Sources: fortinet, fortimail, cisomag.eccouncil.org