Email-based cyber penetrations should cause industry and government to consider utilizing alternative communication channels, says the European Network and Information Security Agency.
In a March 13 flash note (.pdf), the European Union's cybersecurity agency says a raft of reports of cyber penetrations accomplished through spear-phishing--such as Alexandria, Va.-based Mandiant's Feb. 19 report about Chinese military hacking--prompted it remind users about email insecurity.
"When you say that email is not secure, [people] are shocked," said Louis Marinos, an ENISA senior expert risk management. Existing phishing filters and antivirus products "do not seem to be always working when attacks are performed over a long period of time," the report says.
The report says that in the short term, organizations should utilize encryption and possibly sender authentication frameworks, but that in the long term, they should look toward methods of communication that "better protect users from spoofing or phishing."
In an interview, Marinos said ENISA means by that communications sent within social media networks or inside of closed environments.
The long-term trend of electronic communication will be to favor those methods over email, Marinos said.
"Traditional email solutions will be there for some time, but there is a shift," he said.
- download the flash note, "Cyber-attacks – a new edge for old weapons" (.pdf)