The Secret of a CyberSecure Organization

August 14, 2020

MITM vulnerability

Written by Jasper de Taeye, Sales Director for the Benelux market at Wire™.

Last month I started working in the cybersecurity space. Cybersecurity has always been quite a mysterious word to me. I pictured cybersecurity to be a company’s security walls to protect themselves from all kind of hackers sitting in dark rooms attacking companies through the internet wearing badass eye masks.

Over the last month, I began to understand this exciting space more accurately. I began to understand that there are so many cybercriminals out there benefiting from weak security. I began to understand that you will never be able to protect either yourself or your company 100% from cybercriminals. Just as it is equally impossible to prevent all life-threatening viruses. However, you absolutely are able to mitigate the risks of cybercrime. Even to the extent comparable to getting a vaccine to all the known viruses in the world. But even then, you are not safe from all the new viruses that are lurking around the corner. The same counts for cybersecurity. Cybercriminals keep evolving and figuring out new ways to breach our security.

Given the fact I have started to work in the cybersecurity space, I considered it to be about time to educate myself in this area. What kind of threats are actually out there nowadays? I read through all kinds of informative pages about DDOS attacks, phishing attacks, drive-by attacks, MitM attacks, and many other ways to attack innocent users on the internet. I was surprised by the vast amount of existing ways for cybercriminals to cause harm.

After having done my research groundwork, the first thing I did was to try to understand which kind of attacks we primarily have to protect ourselves from. Why did I want to know that? Ultimately you want to mitigate all risks, but often you do not have enough resources (e.g. time, capital). Hence, you have to make a trade-off. Most of us know the two main cyberattacks: phishing and ransomware. Firstly, it’s very important to be aware of these cyberattacks. However, not as common as ransomware or phishing attacks, MitM attacks are an ever-present threat to organisations in particular. IBM X-Force's Threat Intelligence says that 35 percent of exploitation activity involved attackers attempting to conduct MitM attacks.

Nowadays, we get informed almost on a daily basis about phishing attacks by governments and our organisation’s security experts. However, it is less common to be informed about MitM attacks and how to protect yourself and your organisation from them. Nevertheless, MitM attacks are increasing every year. I believe the biggest win for organisations can be made by understanding how to protect themselves well from MitM attacks. So, what are MitM attacks? A Man-in-the-Middle attack (MitM) is an attack where the attacker secretly relays and possibly alters communications between two parties who believe that they are directly communicating with each other.

An example given on Wikipedia is “active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker”. So what does that mean? It means that hackers are sometimes able to hack into your digital communication and oversee all your previous and future communication. You can imagine this can have huge implications and hence I believe the biggest win in mitigating cybercrime risk is to protect ourselves from MitM attacks.

Why do we need to do this? Because by 2021 the damages incurred by cybercrime will most likely surpass 6 trillion dollars. Yes. That is a 6 with 12 zeros behind it. This damage is comparable to the combined annual GDP of Germany and Italy.

So then the question is how can we protect ourselves from those MitM attacks? What is the secret to significantly reducing the cybercrime risk to which my organisation is exposed? A cybercriminal is able to perform a MitM attack as long as there is a connector, often a server, between the two people that are communicating over the internet. Hence, it is of utmost importance that this communication goes directly from one to the other without interception by a 3rd entity. You might wonder how it is possible? It isn’t. We always need an intermediary to pass the message along on a network. Though, if we manage to encrypt this message you can protect yourself from undesired access to your message. And to be more specific, all these messages should be end-to-end encrypted (E2EE). Meaning that only the two entities exchanging a message have the secret key to the message content. Read more about E2EE here.

Services that can be used to send E2EE messages are Signal, Telegram, Whatsapp and Wire, among others. Where the first 3 services focus on consumer communication and the latter focuses on business communication. Wire provides additional business functionalities like whitelabelling and, most importantly, an admin panel, enabling business to add to and delete users from the business communication platform. I have been educating myself thoroughly in this space. So are you looking for a consult, feel free to contact me and I’ll be happy to give you unbiased advice on the basis of your requirements.

In my time working for other SaaS companies, I have adopted a strong numerical approach towards decision-making. I would always like to understand the economic benefits of a solution.

So to help you on the right track here, I would like to provide you with the economic reasoning of choosing an E2EE messenger instead of continuing to send emails to exchange important sensitive information.

E2EE Messenger vs. Email

  1. Cyberattacks can cost your organisation millions of dollars. Starting to use an E2EE messenger can already be done against zero cost. What do you prefer: risking to lose millions or the slight hassle of transitioning to a free/cheap solution?
  2. Email is an overused way of communicating, distracting employees from their core tasks. When you transition entirely to using a collaboration tool you can reduce email exchanges by 83%. Besides, employees are more concise in their communication when using a messengr tool. They use 73% fewer words. Imagine what an efficiency improvement this can be for a company. Getting work done instead of ruminating matters.

So this has been my analysis based on my cybersecurity research. I believe that there’s so much room for improvement in companies’ cybersecurity. At this point in time cybercrime is still rewarding. Companies like Garmin and Cognizant are paying cybercriminals millions of dollars to gain back control over their stolen data.

You can download the free report on the Future of Work 2020 here.

Based in Rotterdam, Jasper de Taeye is the Sales Director for the Benelux market at Wire™, an enterprise-grade, end-to-end encrypted collaboration platform. Bringing together his background as an entrepreneur and his previous experience at New Relic, Jasper shares his personal take on where the future of work is headed and its impact on businesses with a focus on cybersecurity.

Contact to learn more about his contribution to the fight against cybercriminality and providing workers with a worry-free way to collaborate with each other.

Back to all posts
ProductWire ProWire RedWire EnterprisePricingWhy Wire?
ResourcesDownloadSupport & FAQResellers & PartnersSource Code
© Wire Swiss GmbH