Email technology flaw hack cybersecurity
A flood of cybersecurity breaches has shown how vulnerable email is, but users are the real problem here iStock

Email is a communication standard that is almost 50 years old. It is the number one vector that cybercriminals use to hack into our computers and it is a hugely outdated and unwieldy tool for modern communication.

And yet, email persists. In an era of instant messaging services, video calling and file sharing services, email continues to grow in popularity despite all its obvious flaws and risks.

Think of any recent major security breach and the vector through which access was gained was likely email. Everything from ransomware to banking trojans are now being delivered through email, both through mass spam email campaigns and much more targeted spearphishing campaigns which target specific individuals with highly tailored emails designed to look like legitimate messages.

Yahoo recently revealed that it had suffered one of the biggest breaches in history with 500 million user accounts (and counting) stolen by suspected "state-sponsored" hackers and being put up on the dark web. This massive hack is yet another in the increasing number of cases where email login data, along with the trove of personal data held within, is widely exposed and left vulnerable for malicious actors. The system and its security is so fragile and hackers know a weak spot when they see it.

So, why are we still using email?

According to figures from the Radicati Group produced last year, more than 205 billion emails are sent every single day with over 2.6 billion people using email, creating 5.3 billion email accounts. And the email obsession is not going to stop any time soon, with daily emails sent expected to reach 246 billion by 2019.

This is in spite of the fact that email is the most popular way for cybercriminals to access your system and more importantly, that of your business. "Cybercriminals are relentlessly working to exploit the email communication channel," said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint.

According to the FBI, security breaches caused by malicious emails cost businesses billions of dollars every single year and even email spoofing, a problem as old as email itself, has made a major comeback of late.

While security might be the most obvious problem with email, it is not the only one. The communications platform is also hugely inefficient and in large organisations can lead to employees doing little else but replying to various email threads and not getting any actual work done.

There is a revolution afoot

Tools like Slack and Trello are seeking to make realtime, online collaboration much more efficient and in the process do away with the need for email. Slack is an enterprise-focused messaging tool which some companies are now using instead of email, as it offers group and individual messaging which can replace time-consuming email threads.

With office workers on average sending or receiving 122 pieces of email a day, it is easy to see the appeal of Slack as messages can be sent and responded to instantly in a far more fluid way.

Trello is an online work collaboration tool which lets every see how a project is processing in one place, without the need for constant update emails every time someone corrects a typo or changes the font of a headline.

While these tools are very impressive and in certain situations can eliminate the need for email altogether, the fact that they are non-standard platforms means that when you need to contact someone outside of your company or project team, you still need to fall back to email – the industry standard.

Add to this the fact that in many countries, courts only accept email as a valid form of evidence, and it is clear how much of a challenge changing the way we work is going to be. "The law could be one of the biggest hindrance when it comes to moving fully towards [other communication methods]," said Christine Bejerasco, a security advisor at F-Seucre's online protection.

The big question is: will the shiny new tools which Silicon Valley is promising will make our lives so much better, actually make things easier?

Humans are the real problem

Unfortunately the problem does not lie with the technology per se, but with the people who use it and how they use it, and this is never more obvious than in relation to security.

Hackers typically go after the weakest link in the chain and while email may be seen as the weakest link, the truth is that we are the weakest link.

Have you ever clicked on a link in an email when you weren't sure who sent it? Have you ever downloaded a file sent to you via email because it looked like something you might be interested in?

If the answer is no, then congratulations, but you are in the minority. The reason that email-borne cyberattacks are so successful is because people don't realise the risk they pose and have not been educated sufficiently to stop doing stupid things.

Changing technologies to something like Slack is not going to change this fact. If Slack does become hugely popular, then it will be only a matter of time before hackers move on to target that instead of email and again it will be the people using it who will be targeted.

"Let's say we replace email with something else, and this something else becomes mainstream, there will be some sort of attack that will try and target this new thing once again," Bejerasco said.

So, what is the solution?

Mike Patterson, CEO of Plixer, has one suggestion: "Although I don't think email will die a speedy death, I do think an opt in communication method could be on the horizon whereby, you can't send a message to someone unless mutual permission has been granted. Perhaps a solution much like LinkedIn would be a step in the right direction. We have to try something."

The thought of anything like LinkedIn becoming the de facto communication platform for the world will send shivers down the spines of many, but in a world where information and data are becoming as valuable as money, something has to change.