Back in March, I wrote a post that made a case for the United States needing a Zero Trust Security model for email. Two months later, we launched Zero Trust Email and added it (at no additional charge) to Paubox Email Suite. This post is about why we built Zero Trust Email, how it works, and why America needs it today.
Ransomware Every 8 Minutes
A lot has happened in the email security world this year. In the past 60 days alone, the United States experienced an explosion in ransomware attacks. The recent attacks on Colonial Pipeline and JBS are prime examples of ransomware's negative impact on our economy. In fact, ransomware attacks are now succeeding every eight minutes.
Why did we build Zero Trust Email?
In my opinion, we are in an unacknowledged online war with several hostile nation states. Knowing that American intelligence agencies are prohibited from conducting surveillance inside the U.S., bad actors with close associations to these rogue states are launching phishing campaigns via American internet companies. For example, we have many confirmed instances of phishing campaigns being sent by accounts belonging to AWS, Sendinblue, GoDaddy, and Mailgun customers.
It's our belief that while these accounts eventually get flagged and deactivated, the pace at which they get created has overwhelmed tech support departments nationwide. In a nutshell, we can no longer trust email sent from American hosting and infrastructure companies because bad actors (i.e. hostile nation states) are launching phishing attacks via those same companies. If we can longer trust domestic companies, then the bad guys are indeed inside the gates.
The Zero Trust Security model fits well into our nation's present paradigm, as its driving philosophy assumes attackers are both within and outside of the network. Therefore, no one and nothing should automatically be trusted.
We applied the Zero Trust Security philosophy to email security and created Zero Trust Email.
How does Zero Trust Email work?
A core tenet of Zero Trust security is multi-factor authentication (MFA). While most of us associate MFA with text messages or authenticator apps, there is a broader definition. MFA simply means more than one piece of evidence is required to authenticate a user.
As it relates to Zero Trust Email, we built a system whereby an additional piece of evidence from the sender's mail server is required before it passes our Inbound Security checks. The additional evidence is determined by an artificial intelligence (AI) algorithm we created. In effect, we are incorporating email AI into the core of Paubox. Email AI is clearly where the future of email is heading.
Why America Needs Zero Trust Email
Last month, President Biden became the first American president to say the word 'ransomware' in public. That same week, he issued an Executive Order on Cybersecurity. The United States urgently needs private sector innovation to keep ransomware and phishing attacks at bay. President Biden agrees:
"I signed an executive order to improve the nation’s cybersecurity. It calls for federal agencies to work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyberattacks."
The timing of Zero Trust Email is clearly now.