Dr Simon Wiseman of IT security firm Deep Secure gives five issues to consider in formulating a business defensive strategy and stopping it from becoming the target of a successful, sophisticated cyber-attack.
The cyber-security landscape has never looked more threatening than it does today. Some of this is down to the range of ways that business users communicate and the consequent range of attack vectors this opens up.
Another reason for concern are the levels of complexity being used by cybercriminals. On a daily basis, they use simple techniques targeting business but if those fail, the criminals are perfectly capable of employing the kind of savoir-faire that was once the preserve of nation-states.
With this in mind, here are five issues to consider in formulating a business defensive strategy and stopping it becoming the target of a successful, sophisticated cyber attack.
When it comes to cybersecurity, one size does not fit all. Some areas of a business warrant better protection than others. In some places, a cybersecurity failure will be inconvenient and recovery will be swift, while in others a failure could put a company out of business. The answer is to divide the organization into zones. This allows you to apply the exact level of control needed to each area of the business. Users inhabit some zones, but others provide a purely computing function. For instance, some will contain ‘crown jewels’ information, while others will be where potentially dangerous data is processed. The security mechanisms control access to these zones and the way business information flows between them.
Consider using a technology that is capable of enforcing zones at the level of business content – rather than at the networking level. This enables strict control of the flow of information content between zones and prevents attacks passing from one to another, and blocking leaks of sensitive information.
Regardless of the nature of the attack, in 99% of cases, it will start with the attacker attempting to infiltrate the organization with an exploit concealed in seemingly innocuous business content. Virtually any piece of content, whether an Office document, PDF, image or otherwise, can be used or “weaponized” in this way. Whatever the attack, from ransomware and identity crime to remote access and cryptocurrency mining, it will likely gain a foothold because it was introduced in weaponized content through regular internet usage. Digital content – the essential lifeblood of business and commerce – is the carrier of choice for today’s cyber. We can’t live without it and yet we might regret using it.
It is therefore essential for businesses to look at how best to ensure the digital content can be handled safely. Here it’s important to acknowledge that, historically at least, the cyber-security industry has failed to deliver the levels of protection that a business might reasonably expect.
The vast majority of cyber-security defenses operate using the principle of detection. Threats and exploits are identified by examining content for indicators (signatures) that suggest the presence of something malicious. The detection paradigm was effective to a point, but it has proved wholly ineffective in the face of ever more sophisticated threats. They are constantly evolving, concealed in seemingly harmless business content.
In March of this year, industry analyst Gartner published a report entitled ‘Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks’. The author called out ‘Pattern 4: Content Transform’ as key to building defenses that deal with the threat landscape going forward.
Content Transform defeats not only known but also ‘zero-day’ and unknown threats in content. Because it crosses the network boundary, it doesn’t rely on detection or “sandbox detonation”. Instead, it uses a unique process of transformation that ensures protection.
Transformation works by extracting the business information from the documents and images crossing the network boundary. The data carrying the information is discarded along with any threat. Brand new documents and images are then created and delivered to the user. Nothing travels end-to-end but safe content. Attackers cannot get in, and the business gets what it needs.
Transformation is the only way to ensure that threats are removed from content because it assumes all data is unsafe or hostiles. It doesn’t try to distinguish good from bad. It cannot be beaten; as a result security team satisfied because the threat is removed. Business teams is appeased because they get the information they need.
Steganography is the covert hiding of data within seemingly innocuous files. Stegware, the weaponization of steganography in images by cyber attackers, is on the rise. It is offered by default in malware-as-a-service kits on the Dark Web and used in Malvertising campaigns to extort money from thousands of users and bring reputable news sites to their knees. Stegware has also been running with social media websites to steal high-value financial assets; concealed in seemingly bland images. Existing perimeter web defenses (web gateways and firewalls) cannot protect businesses
If a user is accepting images from the public domain, CTOs/CIOs/CSOs should check the servers are washing the images properly. If social media is allowed, it should be kept away from sensitive data and systems. Above all, a business has to understand that detection is not the answer and formulate a strategy for content transformation.