Proteus and MLS – How will secure communication change?
https://wire.com/en/blog/proteus-and-mls-how-will-secure-communication-change/
Fri, 28 Jul 2023 12:03:03 +0000

The rise in data breaches and cyber threats has made organizations increasingly aware of the need for more secure communication. With traditional communication methods such as regular cell service, email, instant messaging, or social media leaving sensitive information vulnerable, organizations want solutions that make privacy and security their prime concern. End-to-end encryption offers a solution to this growing concern. While consumers have had access to end-to-end encryption, its adoption in business remains limited because of the unique challenges that businesses face when implementing end-to-end encryption in their communication. CEO fraud, hacked conversations, and other malicious activities are just a few examples of the risks that organizations confront without adequate security measures in place. At Wire, we recognize these challenges and are dedicated to solving the complexities associated with securing critical communications. By offering tailored solutions that address the specific needs of organizations, we enable them to communicate and transfer sensitive information with confidence, mitigating the risks of data breaches and ensuring their focus remains on core business activities.

End-to-end encryption using the Proteus protocol

End-to-end encryption is a method of secure communication that protects the privacy of data transmitted between a sender and a receiver. The encryption is applied to the data at the source (sender), and the data can only be decrypted by the intended recipient (receiver). No one else can access or view the encrypted information, not even the provider of the messaging service.

A common example used to explain end-to-end encryption is the “Alice and Bob” scenario. In this scenario, Alice wants to send a confidential message to Bob, but she doesn’t want anyone else to read it. To ensure the privacy of her message, Alice uses end-to-end encryption to protect her message before sending it to Bob. Only Bob has the right decryption key, and can read the encrypted message and understand its contents. In the event that a third party intercepts the message, they will only see cipher text and will be unable to access its content.

End-to-end encryption is increasingly important in today’s digital age, where privacy and security are the main concerns. It provides a secure way to send and receive sensitive information, such as financial transactions or personal data – without the risk of it being intercepted or compromised. Wire is the business messenger that always uses end-to-end encryption to protect communications and keep data secure.

Wire uses the Proteus protocol, an implementation of the Double Ratchet protocol. This means that every message sent and received through Wire is encrypted with a unique key, providing a secure foundation for organizations seeking to protect their communications. Furthermore, Proteus offers multi-device support, enabling users to securely and seamlessly operate and access their messages across multiple devices. Proteus also uses pre-keys, which allow secure conversations to be initiated even when not all parties are online at the same time. But what does MLS add into the mix?
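To make "a unique key for every message" concrete, the following is an added example and not code from Wire or Proteus: a simplified symmetric-key ratchet of the kind the Double Ratchet design uses, with HMAC-SHA256 as the chain KDF. The class names, `MAX_SKIP`, and the use of an HMAC tag in place of an AEAD cipher are assumptions made to keep it to the Python standard library, and the Diffie-Hellman ratchet and pre-key handshake are left out.

```python
from __future__ import annotations

import hashlib
import hmac

MAX_SKIP = 32  # assumed bound on how many skipped message keys a receiver stores


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance the chain once: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Hypothetical sender half: one fresh message key per message."""

    def __init__(self, chain_key: bytes):
        self._chain_key = chain_key
        self.counter = 0

    def seal(self, payload: bytes) -> tuple[int, bytes, bytes]:
        # The old chain key is overwritten, so a later compromise of this
        # state cannot re-derive the keys of messages already sent.
        self._chain_key, message_key = kdf_chain_step(self._chain_key)
        # Stand-in for AEAD: the payload is only authenticated here. A real
        # client would encrypt it with message_key.
        tag = hmac.new(message_key, payload, hashlib.sha256).digest()
        message = (self.counter, payload, tag)
        self.counter += 1
        return message


class ReceivingChain:
    """Hypothetical receiver half: tolerates reordering, rejects replays."""

    def __init__(self, chain_key: bytes):
        self._chain_key = chain_key
        self.counter = 0
        self._skipped: dict[int, bytes] = {}

    def open(self, message: tuple[int, bytes, bytes]) -> bytes:
        index, payload, tag = message
        # Work on copies; state is committed only after the tag verifies.
        chain_key, counter, pending = self._chain_key, self.counter, {}
        if index in self._skipped:
            message_key = self._skipped[index]
        elif index >= counter:
            if (index - counter) + len(self._skipped) > MAX_SKIP:
                raise ValueError("too many skipped messages")
            while counter < index:
                # Keep keys for messages that have not arrived yet.
                chain_key, pending[counter] = kdf_chain_step(chain_key)
                counter += 1
            chain_key, message_key = kdf_chain_step(chain_key)
            counter += 1
        else:
            raise ValueError("message key already used or never issued")
        expected = hmac.new(message_key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("authentication failed")
        self._skipped.pop(index, None)  # each message key is used exactly once
        self._skipped.update(pending)
        self._chain_key, self.counter = chain_key, counter
        return payload


def demo() -> tuple[list[bytes], bool]:
    # Constructed shared secret; in a real session this comes from the
    # pre-key handshake and the Diffie-Hellman ratchet.
    root = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = SendingChain(root), ReceivingChain(root)
    m0, m1, m2 = (alice.seal(p) for p in (b"one", b"two", b"three"))
    delivered = [bob.open(m2), bob.open(m0), bob.open(m1)]  # out of order
    try:
        bob.open(m1)  # replay of an already consumed message
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return delivered, replay_rejected


if __name__ == "__main__":
    print(demo())
```
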

The future: Messaging Layer Security (MLS)

The Messaging Layer Security (MLS) protocol provides a secure and efficient method for organizations to conduct group communication, and was standardized in 2023 by the renowned Internet Engineering Task Force (IETF). Work on Messaging Layer Security began in 2016 when a handful of individuals from Wire, Mozilla, Cisco, and others discussed the need for a standardized way to establish end-to-end encryption for groups that was secure, modern, and extensible. The working group was formed and participation expanded to include individuals from dozens of companies, all united in their goal of improving secure messaging and collaboration within the world’s most security-demanding organizations.

Secure group communication is made easier with Wire’s implementation of Messaging Layer Security (MLS). MLS uses group-oriented encryption to improve large-scale encrypted communication rather than traditional end-to-end encryption, which repeatedly encrypts group messages as if they are each separate one-to-one messages. Consequently, MLS operates more efficiently in messaging to and from substantial groups, be it a thousand participants, a few thousand or even more.

The design of Messaging Layer Security includes support for ciphersuite agility, which provides flexibility in the cryptographic algorithms used and allows systems to negotiate and use the best available option based on the security requirements, available resources, and compatibility between the communicating parties. Ciphersuite agility ensures that we will be able to provide a heightened level of security in Wire to our customers without changing the whole codebase. Essentially, having more than one ciphersuite enables the system to be more adaptable to different security scenarios, making it more resilient to attacks and vulnerabilities.

Wire’s implementation of MLS also supports interoperability, adhering to open standard protocols for seamless integration with other systems and communication platforms. Wire looks forward to a future where other platforms also adopt these standards, to fully realize the potential of interoperability.

Outlook: What is the future of secure business communication?

Scalability is no longer a barrier to end-to-end encryption, as MLS can easily support groups of thousands of clients, making it a better choice than traditional end-to-end encryption for organizations seeking a secure group communication solution. In conclusion, while Proteus is suitable for one-to-one and small group communication, MLS is better suited for large group communication, and is the more future-proof solution. Given that the MLS standard is being finalized, along with the progressive advancements in Wire, the adoption of end-to-end encryption in businesses and governments is a foregone conclusion…

While the changes introduced by MLS may seem predominantly technical, they’ll certainly enable a widespread use of end-to-end encryption in the business context. When encrypted communication is as fast and seamless as non-encrypted exchanges, this will enable more and more businesses to change to more secure means.

Wire welcomes the publication of Messaging Layer Security as RFC 9420
https://wire.com/en/blog/wire-welcomes-the-publication-of-messaging-layer-security-as-rfc-9420/
Tue, 18 Jul 2023 14:12:27 +0000

After years of intense standards development, the Internet Engineering Task Force (IETF) today officially published Messaging Layer Security (MLS) as RFC 9420. MLS is the first global open standard for end-to-end encrypted communications and has been jointly developed by industry peers and academic institutions. Wire was an initiator of MLS in 2016 and has been a key contributor ever since.

“The advent of Messaging Layer Security marks a monumental leap forward in establishing secure communications, poised to redefine the entire communications industry permanently,” says Alan Duric, Co-Founder and Chief Scientist of Wire. “Previously, technologies like Voice-over-IP and WebRTC played a significant role in democratizing global communication. Now, with MLS, we are building upon this success to again impact billions of people and achieve secure communication at an unprecedented scale. Moreover, MLS serves as an essential technical foundation, enabling interoperability between encrypted messaging solutions on an Internet-wide level.”

Messaging Layer Security is inspired by the huge success of encrypting the communication between users and websites and other web services using Transport Layer Security (TLS), a crucial security component of today’s Internet. Messaging Layer Security adds end-to-end encryption to messaging applications by providing a standardized and open framework.

Benefits to technology providers and end-users

Messaging Layer Security brings many benefits to technology providers and end-users alike. MLS already enjoys wide support within the industry and will thus be a reliable basis upon which to build applications and services. As a global open standard under the IETF, no one individual or organization can decide solely to change the protocol. For end-users, MLS will bring performance benefits for communication within large groups, as well as accountability on membership in messenger groups and increased interoperability.

“While many of the changes MLS introduces to the communications landscape are ‘under the hood’, users will feel the increased speed and reliability of the protocol. Security, but at Internet scale”, says Rohan Mahy, Vice President Engineering, Architecture at Wire. “The new mechanism where we derive the group encryption keys from all participants of a group is not only much more performant than encryption using today’s encryption mechanisms. It also allows for much better accountability of a group’s membership – as participants who are removed from a conversation will not be able to decrypt any further messages that are being sent.”

More Interoperability

Messaging Layer Security is the logical protocol choice for the work that the IETF MIMI Working Group (More Instant Messaging Interoperability) is undertaking. Interoperability between end-to-end encrypted messenger services is not just wishful thinking; it is a compliance requirement. Under Article 7 of the European Commission’s Digital Markets Act, large providers of instant messaging services are required to make APIs available for interoperability from 2024 onwards. Wire is in close discussion with the European Commission and the relevant technical regulators to advance this process.

Wire was one of the initiators of Messaging Layer Security in 2016, and has been a key contributor ever since. Employees from companies such as Mozilla, Cisco, Google, Cloudflare, Amazon, and Meta; and research organizations such as INRIA, Oxford University, The US Naval Postgraduate School, and ETH Zurich have made major contributions to the protocol. We want to extend our gratitude towards this incredible community of peers and to the IETF for facilitating this process.

Wire: Delivers end-to-end encrypted messaging, voice, and video chat; on-prem or in the cloud; for security-conscious customers such as Orange, Exxon, the German Federal Government, and law enforcement agencies and military worldwide. All Wire’s code is open source for transparency.

IETF: The Internet Engineering Task Force (IETF) is the premier Internet standards body creating open protocols to ensure that the global Internet is built on the highest-quality technical standards. These standards, shaped by rough consensus and informed by running code, are developed by a large volunteer community of leading engineering and technical experts from around the world. IETF processes are open and transparent, and IETF standards are freely available to anyone.

 

Open Letter to the British Government on the Online Safety Bill
https://wire.com/en/blog/open-letter-to-the-british-government-on-the-online-safety-bill/
Tue, 18 Apr 2023 10:00:01 +0000

As a provider of secure communication services, we stand with leaders in the industry to urge the UK Government to address the risks posed by the Online Safety Bill. The current draft of the Bill could compromise the privacy, safety, and security of every UK citizen and the people they communicate with worldwide. We believe that the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages. This would fundamentally undermine everyone’s ability to communicate securely and pose an unprecedented threat to privacy, safety, and security. We call on the UK Government to revise the Bill to align with its stated intention to protect end-to-end encryption and respect the human right to privacy.

A copy of the open letter is below:

 

To anyone who cares about safety and privacy on the internet.

As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety. It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.

Around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft. Malicious actors and hostile states routinely challenge the security of our critical infrastructure. End-to-end encryption is one of the strongest possible defenses against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.

As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.

The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.

We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences”.

Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.

Global providers of end-to-end encrypted products and services cannot weaken the security of their products and services to suit individual governments. There cannot be a “British internet,” or a version of end-to-end encryption that is specific to the UK.

The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. Weakening encryption, undermining privacy, and introducing the mass surveillance of people’s private communications is not the way forward.

Signed by those who care about keeping our conversations secure:

Matthew Hodgson, CEO, Element
Alex Linton, Director, OPTF/Session
Meredith Whittaker, President, Signal
Martin Blatter, CEO, Threema
Ofir Eyal, CEO, Viber
Will Cathcart, Head of WhatsApp at Meta
Alan Duric, CTO, Wire

The escalating threat of cybercrime: why it’s time for a whole new security infrastructure
https://wire.com/en/blog/the-escalating-threat-of-cybercrime/
Fri, 10 Sep 2021 09:06:38 +0000

The full article was written by our Co-founder and CTO, Alan Duric, and published in ITProPortal on September 9, 2021


The global outbreak of Covid-19, the resulting switch to online working, and a new dependence on IT have seen cybercrime increase dramatically. According to research, UK businesses lost over £6.2 million to cyber scams this past year, with a 31 percent increase in the number of attacks during the height of the pandemic. Cybercrime will continue to damage businesses, institutions and governments unless a radical new approach to rebuilding security infrastructure is taken.

The threat posed by cybercrime is immense. According to Cybersecurity Ventures, cybercrime could cost the global economy as much as $10.5 trillion by 2025. But organizations seem resigned to this risk – 80 percent of organizations worldwide expect to experience a data breach in the coming year.

Cyberattacks haven’t just increased in volume, they’ve also grown in scale, potency and impact. Recent high-profile attacks involving SolarWinds, Microsoft Exchange and Colonial Pipeline have shown just how vulnerable we are and how crucial it is to make structural changes to ensure our future security.

Global leaders are finally taking action. US President Joe Biden’s recent Executive Order to undo years of security vulnerabilities is a major step forward, while German Chancellor Angela Merkel and French President Emmanuel Macron are also taking steps to protect critical infrastructures and invest in secure technologies.

However, in the UK, while the government is pledging to make data security a top priority, Prime Minister Boris Johnson is behind his counterparts in taking the threat seriously. The revelation by Dominic Cummings of the extent to which UK MPs share sensitive government data using mainstream tools such as WhatsApp is testament to this.

At breaking point

Last year, the SolarWinds attack made headlines as the then-largest and most sophisticated US hack of all time. It compromised the private sector and affected many US government organizations, including critical agencies like the US Treasury. Unfortunately, the Microsoft Exchange hack earlier this year outdid it; experts believe it exceeded the SolarWinds hack in scale and consequence. This attack exposed the emails of 30,000 US organizations, with the full breadth of damage still unknown.

The increasing frequency of these attacks is alarming. Underlying weaknesses seem to be exposing organizations to unnecessary risk and making these types of breaches more likely – and more dangerous.

Three pillars for a modern security infrastructure

These attacks highlight common security weaknesses that must be addressed. We can no longer simply ‘patch’ over weaknesses; we need a new, security-first infrastructure that discourages future attacks and minimizes the impact of a successful breach. This alternative architecture must include three fundamental elements:

Zero Trust

The idea of zero-trust security has existed for some time, but it is now gaining traction. Zero trust methodology assumes that all data, devices, apps and users inside or outside of the corporate network are inherently insecure and must be authenticated and verified before being granted access. The key component to zero trust is that it is a holistic strategy, involving technical protocols such as multi-factor authentication and identity access management, as well as a hyper-vigilant mindset that is ingrained into how an organization defends against cyber threats. This approach requires a change in strategy throughout an organization, because it assumes that any vulnerability – even at an individual employee level – can cause significant damage if exploited.

End-to-end encryption (E2EE)

As cyberattacks increase, end-to-end encryption has become more important. Businesses are now seeking E2EE as a basic signifier of security. Unfortunately, many popular collaboration and email platforms either lack plans to employ E2EE, or are scrambling to add in basic security protocols after years of operating without them. In true E2EE, data is encrypted on the sender’s system or device and only the recipient can decrypt it. Many platforms have made false claims or utilized weak forms of E2EE, so it’s critical to pick the right form of encryption and to be transparent regarding which ones you deploy. For example, a decentralized solution using double-ratchet E2EE enables every individual call, message, and file to be separately encrypted on every device, with the keys generated from the device rather than from a central server. This protects even the smallest possible unit of information, creating a system that grows more complex – rather than more valuable – for hackers with every message.

Decentralized data storage and protection

Decentralization protects data assets at the edge rather than in a central fortress. This architecture gives organizations control without any risks related to how a vendor stores their data. Solutions that protect from the edge are better at protecting data from bad actors because there is no single large “payload.” The lack of E2EE (Microsoft, like other email providers, saves data in cleartext on its servers) and centralized data storage created a dangerous combination in Microsoft’s case. While it requires fewer resources for vendors to simply place a perimeter defense around a central hub, the major downside of this approach is that if an attacker can surpass those defenses and access the servers, all the data in that central hub is compromised. By contrast, on-prem or hybrid arrangements can be more secure. If this old infrastructure with centralized data storage and outdated security protocols remains in place, cyberattacks will continue to rise.

Taking steps to curb cybercrime

There are already platforms like Protonmail and Tresorit that employ this new security infrastructure. That’s a great start, but if organizations truly want to prevent cybercrime, a more fundamental change is needed.

In the same way that we cannot solve climate change with fossil-fuel-powered energy infrastructure, we will not solve modern security challenges using architecture from the 1970s. It will require a radical rethink and the use of new tools. It will also require politicians and technology providers to collaborate to bring about change. We applaud the steps being taken by Biden, Merkel and Macron to undo years of poor security practices in the public sector. By taking these difficult lessons on zero trust, encryption and data compliance to heart, digital infrastructure will become safer.

About Alan Duric

Alan Duric is a Co-Founder of Wire and serves as its CEO. He was an early pioneer of VoIP, and has founded multiple other initiatives such as Telio Holding ASA, now NextGenTel Holding ASA.

About Wire

Wire is the most secure collaboration platform, transforming the way businesses communicate at the same speed and with the same impact that our founders disrupted telephony with Skype. Headquartered in Berlin with offices in Switzerland and San Francisco, Wire’s award-winning collaboration and communications platform counts over 1,800 government and enterprise customers worldwide, including EY, Fortum, the German government and four other G7 governments. Recognized for its secure collaboration platform as a leader and high performer by G2 Crowd, IDC, Forrester and Gartner, Wire offers messaging, audio/video conferencing, file-sharing, and external collaboration – all protected by the most advanced end-to-end encryption.


Why We Need a New Security Infrastructure
https://wire.com/en/blog/why-we-need-a-new-security-infrastructure/
Wed, 07 Jul 2021 20:10:44 +0000

The full article was written by our CEO, Morten Brøgger, and published in German on egovernment-computing.de on July 7, 2021

The turbulence of the past year has shown how vulnerable international systems can be to cybercrime and malicious actors. According to reports, cyber attacks have increased by more than 150 percent across Germany since the outbreak of the pandemic. In the US, the volume of leaked government data has even increased by 278 percent.

Not only is the increase in attacks striking, but above all their extent, effectiveness and widespread impact, especially in the public sector. The attacks on SolarWinds, Microsoft Exchange and, most recently, Colonial Pipeline have not only revealed how vulnerable these systems can be, but also demonstrated how important structural changes to the digital landscape are to ensure future security.

Quick action is urgently required here. It is therefore understandable that heads of government, such as US President Biden, are now intervening and – as in the US case – issuing a cyber executive order. It is debatable whether the requirement for the authorities to close security gaps that have existed for years in just 60 days is ambitious. However, great progress can only be expected if the course is consistently set in the direction of leading standards in the areas of authentication, encryption and data compliance and these procedures are increasingly used in the public and private sectors.

What applies to the Americans should also be implemented in this country. At the last digital summit in 2021, Chancellor Angela Merkel clearly emphasized that Germany had to transform its federal and state infrastructures in order not to forfeit its actually good start-up competence in matters of digitization.

For this very reason, authorities need their security systems to be refreshed, because up until now these systems have not meshed smoothly, like cogs in a machine. In addition, decision-makers and companies should be aware that American companies have been continuously driving digital transformation for many years, whereas German companies are lagging behind, especially when it comes to addressing customers in new ways.

A turning point

Technical progress only takes place if modernization is also guaranteed. It is not enough to keep relying on fax just because, years ago, it proved itself to be a good, useful new technology. In order to maintain the necessary agility, governments need to stay informed. This is also shown by the news about the SolarWinds attack, which recently made headlines as the largest and most sophisticated attack on US companies of all time. In addition to compromising the private sector, it affected many US government organizations, including key federal agencies such as the Departments of Finance, Justice, and Commerce.

Unfortunately, it was exceeded by the attack on Microsoft Exchange earlier this year, which, according to many experts, was even more serious in terms of scope and consequences. Eventually, the email addresses of over 30,000 US organizations (both government and commercial) were disclosed, although the full extent of the damage is not yet known.

Most recently, it was the ransomware attack on Colonial Pipeline that demonstrated how vulnerable critical elements of US infrastructure are and how disruptive and potentially crippling these attacks can be. Given these recent events, it is therefore not surprising that the US government headed by President Biden issued the Cyber Executive Order at the end of May.

Each of these hacking attacks is harmful enough on its own. What is really worrying, however, is that the frequency of such deep attacks is steadily increasing. A closer look reveals some fundamental vulnerabilities through which companies expose themselves to avoidable risks and which make this type of attack more likely – and more dangerous.

The three elements of a security-first architecture
https://wire.com/en/blog/the-three-elements-of-a-security-first-architecture/
Wed, 30 Jun 2021 09:56:25 +0000

The full article was written by our Co-founder and CTO, Alan Duric, and published on cpomagazine.com on June 17, 2021

The upheaval of this past year has revealed how vulnerable global systems are to cybercriminals and bad actors. Cyberattacks have surged, with a reported 400% increase in attacks since the pandemic, and a 278% increase in leaked U.S. government records.

However, cyberattacks didn’t just increase in terms of volume, they also grew in scale, potency and wide impact, particularly in the public sector. We know them on a first-name basis: SolarWinds, Microsoft Exchange and most recently Colonial Pipeline all have shown not just how vulnerable we can be, but how crucial it is to make structural changes to our digital landscape to ensure our future security.

That’s why we welcome the recent Executive Order by President Biden. While the mandate for agencies to undo years of security vulnerabilities in just 60 days is incredibly ambitious, just setting that direction towards leading standards in authentication, encryption and data compliance will yield great benefits as these approaches begin to be increasingly implemented across public and private areas.

A breaking point

Last year, the news of the SolarWinds attack made headlines as the then-largest and most sophisticated U.S. hack of all time. Not only did it compromise the private sector, it also affected many U.S. government organizations, including critical federal agencies like the U.S. Treasury, Justice and Commerce Departments. Unfortunately, the Microsoft Exchange hack earlier this year outdid it, with many experts believing it bested the SolarWinds hack in scale and consequence. With this hack, more than 30,000 U.S. organizations (both government and commercial) had their emails exposed, with the full breadth of damage still unknown.

Most recently of course was the Colonial Pipeline ransomware attack, showing how vulnerable critical elements of U.S. infrastructure are and how disruptive and potentially paralyzing these attacks can be. Based on this recent history, it’s not surprising that the Biden administration released last week’s executive order.

While each of these hacks is individually damaging enough, what’s really concerning is that the frequency of these types of deep-reaching attacks is steadily increasing. If we dive in even further, we can see that there are some underlying weaknesses that may be exposing organizations to unnecessary risk and making these types of breaches more likely – and more dangerous.

Redesigning our infrastructure

Despite the wide range of attacks – supply chain, data storage, ransomware – they all point to some very clear common weaknesses that should not be overlooked from a security standpoint. All organizations, not just the U.S. government, should pursue a new security-first infrastructure to discourage future attacks and minimize any potential impact of a successful breach. This new, alternative architecture utilizes these three elements:

Zero Trust

This security framework has been around for some time, but is just now starting to gain traction in implementation, especially now as it was specifically highlighted in the executive order. Zero trust is a methodology that assumes that all data, devices, apps and users inside or outside of the corporate network are inherently insecure and must be authenticated and verified before being granted access. The key component to zero trust is that it is a holistic strategy, involving both technical protocols such as multi-factor authentication and identity access management, as well as an overarching dynamic and hyper-vigilant mindset that is ingrained into how an organization operates and proactively defends against cyber threats. This approach requires a change in strategy at all levels of the organization because it assumes that any vulnerability – even at an individual employee level – can cause significant damage if exploited.

End-to-end encryption (E2EE)

As cyberattacks continue to grow in volume, end-to-end encryption has become an increasingly important topic. Many platforms have shown security weak points and as a result businesses are seeking E2EE as a basic signifier of security. Unfortunately, a number of popular collaboration and email platforms either have not created concrete plans to employ E2EE, or are now scrambling to add in basic security protocols after years of operating without them. The definition of “end-to-end encryption” has also gotten muddied by the phrase’s heavy usage in marketing materials: In true end-to-end encryption, the data is encrypted on the sender’s system or device and only the recipient is able to decrypt it. Many platforms have even been caught making false claims or utilizing weak forms of E2EE, so it’s critical to not only pick the right E2EE form but also to be fully transparent with which ones you employ. For example, a decentralized solution that uses double-ratchet E2EE allows for every individual call, message, and file to be separately encrypted on every device, with the keys generated from the device rather than from a central server. This protects the information to the smallest possible unit, and creates a system that grows more complex – rather than more valuable – for hackers with every message.

Decentralized data storage and protection

As referenced above, decentralization protects data assets at the edge rather than in a central fortress. This architecture ensures that organizations have control instead of being subjected to any risks that may come from how a vendor decides to store their data. Solutions that protect from the edge have a much better chance of protecting data from bad actors because there is no single large “payload.” The lack of end-to-end encryption (Microsoft, like many other email providers, saves data in cleartext on its servers) and centralized data storage created a dangerous combination in Microsoft’s case. In a lot of ways it takes fewer resources for vendors to simply place a perimeter defense around their central hub, and for organizations to pass off the responsibility of that protection to their vendors. The major downside of this approach is that if an attacker is able to surpass those perimeter defenses and gain entry to those servers, all the data in that central hub is compromised – this is how you can get the emails of over 30,000 organizations exposed in one fell swoop. By contrast, having the option for on-prem or hybrid arrangements can make a crucial difference in security. If this old infrastructure with centralized data storage and protection and outdated security protocols remains in place, we will almost certainly continue to see the number of these kinds of cyberattacks increase.

The road ahead

There are already some individual tools and platforms like Protonmail that utilize this new security infrastructure – and that’s a great start. However, if organizations truly want to future-proof and defend against the rising threat of cyber attacks, a much bigger and more fundamental change needs to take place. Similar to how we do not solve climate change with an oil and coal powered energy infrastructure, we will not solve these current security challenges by relying on architectures from the 1970s. It will require a radical rethink and the use of new tools and approaches. That’s why we applaud these steps by the Biden administration to begin to undo years of poor security practices in the public sector. By taking these difficult lessons on zero trust, encryption and data compliance to heart, the U.S.’s digital infrastructure can become safer for everyone involved.

About Wire

Wire is the most secure collaboration platform, transforming the way businesses communicate at the same speed and with the same impact that our founders disrupted telephony with Skype. Headquartered in Berlin with offices in Switzerland and San Francisco, Wire’s award-winning collaboration and communications platform counts over 1,800 government and enterprise customers worldwide, including EY, Fortum, the German government and four other G7 governments. Recognized for its secure collaboration platform as a leader and high performer by G2 Crowd, IDC, Forrester and Gartner, Wire offers messaging, audio/video conferencing, file-sharing, and external collaboration – all protected by the most advanced end-to-end encryption.


Fraudulent use of Wire
https://wire.com/en/blog/fraudulent-use-of-wire/
Mon, 21 Jun 2021 15:08:39 +0000

Our commitment to help you as an individual or your business, and the process to follow so we can best support you.

The Problem

Throughout the history of communication, fraud and scams have inherently been present. From phony telephone sales and pyramid schemes to ransomware, phishing emails and premium number fraud, criminals are ingenious. The scale of the problem is not small; it’s a huge global issue. From the 32bn USD lost annually on telecom fraud to the 6tn USD problem that is cybersecurity, if there is a vulnerability it will be exploited.

Scams using Wire

Wire is secure and private. In fact, with our end-to-end encryption model, Wire is about as secure as it gets — and we will not leak your information.
Sadly, just as on any other communication platform, there are fraudsters out there who are using platforms like ours for their own gain. We want to make our users aware that how you interact with people determines your vulnerability to fraudulent attack. For example, a user may be lured into accepting a connection request and having a conversation with someone they think they can trust, but whose motives aren’t genuine. In this example, Wire is the vehicle, just like a BMW or Chevrolet can be used for a robbery.

Examples of scams

To keep up to date on the latest scams that could affect our users we monitor all kinds of outlets, including Twitter, cyber security forums and the World Economic Forum. The most frequent scam we are aware of that involves Wire is a job application scam. Fraudsters impersonate large organizations and offer jobs or interviews over messaging platforms such as Wire. Most often the victim is someone who would become a remote working employee. They get offered the job and are then asked to buy a laptop and mobile through a portal that is set up by the fraudster under the promise that they will be reimbursed when joining the company.
The reality is that there is no job, the interviewee never receives the laptop or mobile, and the fraudster has collected the money and closed their Wire account.

What to do as a business if this happens to you

If criminals or fraudsters masquerade as your business in order to set up and conduct fake interviews, Wire will immediately take action on your behalf. This is the process you should follow if this happens to you:

– Reach out to Wire immediately and directly by visiting support.Wire.com and selecting the blue “Help” button

– Be sure to select “Report Misuse” as the issue reason; we prioritise requests like this in our support queue

– Provide as much detail as possible: the Wire username of the suspicious user, statements from defrauded individuals, etc. Screenshots of the fraudulent activity are especially helpful. Our support team may request additional information, so provide as much detail as possible with your initial submission to ensure the fastest resolution.

What to do as an interviewee if this happens to you

If you’re attending a job interview / have secured a role, always ask the company to arrange your work tools — you should not have to purchase equipment on your own. Reputable companies will organise procurement of such items and ship them to your address.
If you are in any doubt whatsoever, contact a senior employee of the company in question and ask if these are standard business practices. Look for a reputable figure with a long tenure with the company and frequent posts on a platform like LinkedIn.

Our commitment

Our commitment is to help your business stay safe. Upon any request we will take immediate action to best protect you as an individual or your business by reacting promptly and responsibly to shut down the fraudsters as quickly as possible.

Remote Work 2.0 & The Rise in Cyberattacks
https://wire.com/en/blog/remote-work-and-the-rise-in-cyberattacks/
Mon, 10 May 2021 09:08:05 +0000

The pandemic and the resulting switch to remote working models have made enterprises and organisations across industries, including even the most highly-confidential sectors such as legal, government and healthcare, depend more than ever upon technology.

In-person meetings have almost entirely been replaced with virtual meetings, and working models now rely on digital communications, collaboration tools and channels. This trend is set to continue long after the threat of the virus has dissipated. The ‘working from home experiment’ proved to many employers that teams can be just as productive when working remotely and virtually together. Accustomed to this new way of working, which allows for a better work/life balance, employees now demand more flexibility in how and where they work. The modern workplace, pandemic or not, will unequivocally remain dependent on technology to stay connected.

However, when the pandemic hit, the urgency with which organizations had to shift to remote working models saw secure working environments replaced with home offices which are largely dependent on unsecured networks and devices. Organisations did not have time to update infrastructure, patch vulnerabilities or evaluate possible security weaknesses. As a result, employees working outside of the confines of perimeter-based security (e.g. firewalls and secure internet) were left exposing more confidential data/information during their day-to-day jobs than ever before.

Cybercriminals saw these mass vulnerabilities and took advantage. Cyberattacks thrived during the pandemic, with a reported 400% increase in attacks in the first four months of 2020, and a 278% increase in leaked U.S. government records. A lot of these successful attacks were the result of employee mistakes and naivety (such as clicking on phishing emails), but some were also the result of technology vendors – specifically those meant to increase connectivity and communication – making massive security and privacy missteps. Zoom, for example, experienced large-scale interruptions of video conferencing calls by bad actors and pranksters (e.g. “Zoombombing”) and was also exposed for violating privacy rights by conducting undisclosed transfers of user data.

While the pandemic has exacerbated the problem of cybercrime, even when life balances out into some kind of ‘new normal’, the threat of cybercrime will remain immense. According to Cybercrime Ventures, cybercrime threatens to cost the global economy as much as $10.5 trillion by 2025, and the World Economic Forum listed cybercrime as the fourth largest global risk in 2021 (after extreme weather events, livelihood crises, and infectious diseases). Cybercrime is a problem that is here to stay, and will continue to damage the health of businesses, critical infrastructure and governments unless a drastic new approach is taken.

Consequently, organizations in both the private and public sector have major concerns over data security, privacy and sovereignty. Not only are they re-evaluating the infrastructures they have in place and the validity of the tools they entrust with their business data, but they are beginning to look more carefully at the tech providers who are handling their data and at the specific technologies their solutions depend upon. Trust is now a key concern and priority.

The Growing Lack of Trust in Data Privacy
https://wire.com/en/blog/the-growing-lack-of-trust-in-digital-privacy/
Wed, 14 Apr 2021 09:09:03 +0000

With cloud-based services in demand, the future should be bright for the cloud. However, growing fears over data privacy and compliance – and technology providers’ failure to quash these concerns – may stunt public cloud’s growth as enterprises consider moving their data on premise.

New and updated national data privacy and data localisation laws are fundamentally altering the way that companies can conduct business internationally, which is in turn transforming their attitude to cloud infrastructure. The EU’s General Data Protection Regulation (GDPR) and China’s Cybersecurity Law – two of the most comprehensive packages of data privacy regulations – have already had cascading impacts on businesses in these markets and all of their trading partners. And this is just the beginning. Japan announced earlier this month that it is making changes to its Protection of Personal Information (AAPI) Act, tightening controls of international data transfer from 2022 to bring it in line with GDPR, and over 70 other countries have passed new or updated data privacy laws in the last few years that include some form of data localization.

The challenge with the public cloud is that it runs across a distributed infrastructure and providers tend to store data in technically and commercially practical locations. In light of recent enterprise data breaches and incidences of data misuse, the dispersed nature of the cloud leaves businesses with concerns on a number of levels: How can they be assured of the privacy of their data? Where is their data stored? And who ensures the sovereignty of their data? Them or their cloud partner?

Without sufficient reassurance from their technology providers that their data is secure and compliant with data regulation laws, private and public organisations are beginning to rethink their commitment to and use of the public cloud. Ultimately, unless technology providers become fully transparent with how they store and handle enterprise data and offer greater reassurance to customers, privacy concerns may lead to a demise in cloud’s appeal.

Three trends are emerging:

  1. Companies are abandoning the public cloud altogether and moving critical applications to private cloud or on-premise, where they have complete control of where their data is stored and who can access it.
  2. Companies are looking to move to technology platforms and providers that offer complete transparency with regards to their privacy policies and have a ‘zero trust’ model of security to give them complete peace of mind that their data is safe and their digital privacy assured.
  3. Companies are restructuring their cloud infrastructure along national lines or considering moving to regions where data jurisdiction is more favourable in terms of storing and processing data.

3 Ways to Build Trust into Technology
https://wire.com/en/blog/three-ways-to-build-trust-into-technology/
Tue, 13 Apr 2021 09:10:04 +0000

The full article was written by our CEO Alan Duric and published on builtin.com on March 30, 2021.

The recent implementation of privacy labels in Apple’s App Store has ignited a new wave of discussions over privacy concerns with technology applications. Users now have greater visibility into the type of data that is collected, who that data is shared with and how it is used.

This new label system is not just a shift from lengthy and confusing privacy policies to accessible information for the layman, it’s an indication of a much bigger theme: the public’s changing expectations toward transparency and privacy.

Consumers and businesses are both more aware of security and privacy issues than ever before, and the slew of cyberattacks and breaches in 2020 truly solidified the understanding of the consequences if these things aren’t done right. Expectations are no longer just about how companies handle security and privacy, but how transparently they communicate those protocols. Companies and developers must adapt to these changes or risk facing backlash from users and regulators alike.

Here are three things developers and companies can implement to build trust into their applications.

1. Go Open Source

Applications that are open source inherently display greater transparency, which provides better insight on the inner workings of the app and allows the technology to speak for itself. Companies can always claim that their software does not collect personal data or share information with third parties, but the reality is that people are more skeptical of technology than ever before after countless scandals and breaches that occur every year.

Making your platform’s code accessible allows outside developers to check that any security and privacy claims are met in reality. This practice of hyper-transparency can be taken another step with regular cybersecurity and code audits from security researchers and industry organizations for more in-depth analysis and certification.

One concern around going open source is the risk of allowing cybercriminals to identify vulnerabilities in the application. However, open source also allows for the larger developer community to identify and report any flaws before they can be exploited. Overall, the security and transparency benefits of open source far outweigh the potential downsides.

2. Rethink Your Security Foundation

Without a proper security foundation, many platforms not only struggle to implement modern solutions rapidly, but they will also be at an increasing disadvantage as cyberattacks become more sophisticated. Failure to engrain security at a foundational level has led multiple companies, government and education institutions to effectively blacklist certain applications from use. Furthermore, poor security infrastructure can lead to a loss of development time and resources in the event that an application needs to remediate a major vulnerability or address privacy concerns.

A proper infrastructure overhaul is a huge undertaking, and many developers would need to backtrack or compromise on removing convenient features for better security. While many may not be willing or consider themselves able to do this, it’s important to keep an eye on the broader changing landscape. Cybercrime is expected to cost the global economy upwards of $10.5 trillion by 2025.

Cyber attacks are becoming more numerous and sophisticated, and governments are beginning to roll out stringent regulations — making the consequence of a security or privacy breach very costly. For developers who are still in the beginning stages of building their applications, it’s important to consider that those that are built from the start with a security-first infrastructure will not be forced to make such compromises and will be more capable of evolving and adapting to new security challenges.

3. Implement Zero Trust

It’s clear that there needs to be an overhaul in a lot of the ways companies and businesses operate in order to build a sense of trust with users. While the technical aspects of this — like implementing transparency through open source and security-first infrastructure — are important, it’s also critical to update the mindset and human-centric elements to safeguarding data and privacy.

One effective approach and strategy is adopting a zero-trust framework, a security model that assumes that all data, devices, apps and users inside or outside of the corporate network are insecure by their nature and must be verified before being allowed access. This methodology employs stringent protocols and includes tools such as multi-factor authentication, end-to-end encryption, identity-access management, orchestration and other comprehensive system permissions and safeguards.

The key component to zero trust is that it is a holistic strategy, involving both technical protocols as well as an overarching dynamic and hyper-vigilant mindset that is ingrained into how an organization operates and proactively defends against cyber threats. It requires a change in strategy at all levels of the organization, because one mistake by an employee can be exploited into a major cyberattack. Only a holistic approach that is based on infrastructures with these core principles can help meet the expectations of users and the cybersecurity challenges of the future.

DON’T WAIT, ACT NOW

Implementing these measures should be an active effort — rather than a reactive response to a security breach or data-privacy scandal. Having an application that is open source, built on a secure foundation and supported by a zero-trust framework can help prevent or mitigate the next major cyberattack.

Trust is easily lost and hard to regain, which is why leaving these initiatives off until it is too late can be devastating and can appear as a disingenuous, reactionary and forced response. With countless competitors ready to move in to offer their own applications, protecting your reputation and the trust of your users must be a top priority.

