Many Rendition Infosec clients are calling us today asking about the efail vulnerability. TL;DR – this isn’t a big deal for most of our enterprise users. Few of them use PGP, and most of those that do are using it to send files back and forth, not to encrypt the email natively.
More than anything else, there was a disclosure problem with this vulnerability. Is the vulnerability serious? Yes, for some users with a specific workflow. Did the vulnerability deserve the media attention that it got? No, definitely not.
Continue to practice good cyber security hygiene and apply updates to all of your software as updates become available. If you need further assistance understanding how the efail vulnerability might impact your organization, please reach out to Rendition Infosec and we’ll be happy to help.
After talking to multiple members of the press about the vulnerability embargo, I’ve posted some additional thoughts here.