The Internet and email is old at this point.
It can be reasonably argued that email links are a significant threat vector right now.
So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.
My questions for comment:
- Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
- Why can't we do PKI well after a few decades?
- Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?
I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?
Image credit: https://www.office1.com/blog/topic/email
Edit, post not related to the site or any service, just image credit.
As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.
This only represents SME and Enterprise. Phishing likely could be #1 for individuals.