My Bank Showcases A Dangerous Misconception Undermining Cybersecurity

Me with the oldest phone I could find. It’s from the 1980s. It’s a little more modern than the technology behind your email attachments, but you’ll figure it out. :)
Screenshot from my bank's email telling me that they could not accept my personal files from secure cloud storage links because of their security policy. Better to send them my personal data through insecure email attachments.
  1. Hyperlinks to best-of-breed cloud storage services provide detailed audit trails of the origin of files and are avoided by attackers. Email attachments leave no trace and are anonymous, and thus are a favorite of attackers.
  2. You can easily whitelist trusted cloud services to allow downloads. There is nothing you can do for email attachments; they are already inside your firewall.
  3. Enterprise cloud storage services, like Box, scan for viruses upon upload, further limiting even accidental distribution of viral content.
  4. Email attachments can be completely self-contained and, once inside the organization, can wreak havoc without external support. In contrast, the delivery of a hyperlink isn't the delivery of the virus. The link still needs to be clicked and to reach out through firewalls.
  5. Once an attachment is inside someone's inbox, it is a persistent threat that cannot be shut down by adjusting border defenses. Even if the recipient is disconnected (e.g., on an airplane), a malicious email attachment can infect the user's device. In the same situation, a malicious hyperlink is disabled.
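One way a mail gateway or proxy could implement the allowlisting from point 2, as an added example that is not part of the original article. The allowlist contents (Box is the only service the article names), the function names and the sample links are assumptions; the check matches on the parsed hostname so that look-alike hosts do not pass.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; a real policy lists the services the organization trusts.
TRUSTED_STORAGE_DOMAINS = frozenset({"box.com"})


def is_trusted_storage_link(url, trusted=TRUSTED_STORAGE_DOMAINS):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    url = url.strip()
    # Backslashes and control characters are parsed differently by browsers
    # and by URL libraries, so refuse them instead of guessing.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, without port or userinfo
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    # "https://box.com@evil.example/" really points at evil.example; a
    # file-share link has no reason to carry userinfo, so reject it outright.
    if parts.username is not None or parts.password is not None:
        return False
    host = host.rstrip(".")
    # Match on a label boundary: "box.com.evil.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)


def partition_links(urls, trusted=TRUSTED_STORAGE_DOMAINS):
    """Split links into (allowed, blocked) lists according to the allowlist."""
    allowed, blocked = [], []
    for u in urls:
        (allowed if is_trusted_storage_link(u, trusted) else blocked).append(u)
    return allowed, blocked


# Constructed sample links, not taken from any real message.
SAMPLE_LINKS = [
    "https://app.box.com/s/abc123",
    "https://box.com.evil.example/s/abc123",
    "https://box.com@evil.example/s/abc123",
    "http://app.box.com/s/abc123",
]

if __name__ == "__main__":
    print(partition_links(SAMPLE_LINKS))
```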
