Exchange email attack compromises UK firms


Hundreds of UK companies have been compromised, with over 500 email servers potentially breached as the impact of Microsoft Exchange’s four software vulnerabilities continues. The attack allowed criminals to access email servers and steal valuable data due to the lack of end-to-end encryption (E2EE). Unless it is encrypted with PGP, email is just a sitting target if your server gets breached, much like Microsoft’s.

The Exchange vulnerability is really unfortunate, but what’s really terrifying is that the vast majority of the exposed mail folders will have been unencrypted. Email is no longer fit for purpose – it’s slow and cumbersome, and even after decades, end-to-end encryption is not the norm.

Real-time collaboration and messaging, with end-to-end encryption, gives organisations a far more secure way to communicate. Even if a similar server-based breach occurred, data would be encrypted and therefore unreadable to malicious third parties.

This reality is here today. Any Matrix-based service, for instance, can be end-to-end encrypted by default. We have governments using Element, precisely because it offers end-to-end encrypted collaboration.

But buyers need to do their due diligence. More traditional collaboration tools, like Slack and Microsoft Teams, are not end-to-end encrypted – and as a result are very attractive targets for attackers.