The Internet and email is old at this point.
It can be reasonably argued that email links are a significant threat vector right now.
So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.
My questions for comment:
- Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
- Why can't we do PKI well after a few decades?
- Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?
I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?
Image credit: https://www.office1.com/blog/topic/email
Edit, post not related to the site or any service, just image credit.
Would you mind pointing me at research that demonstrates that email links are the number one threat vector right now?
As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.
This only represents SME and Enterprise. Phishing likely could be #1 for individuals.