Email is indisputably a critical enterprise communication tool essential for sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more.
Unfortunately, organisations often do not appreciate that the file types used every day to share important information – standard files like Word documents, Excel spreadsheets and PDFs – are also the most common attack vectors for distributing malware. For cybercriminals, it is often too easy to target a user with a spoofed email or phishing attack and trick them into opening an infected attachment that appears legitimate. With email representing an open, trusted channel that allows malware to piggyback on any document and infect a network, it is up to organisations – their security teams and employees – to adopt appropriate security strategies and best practices to prevent a company-wide attack.
Here are tips about what businesses can do to thwart these threats and keep sensitive data protected from malicious actors.
As with anything, organisations need to consider and evaluate all possible avenues of attack and decide which functions their business needs to keep or eliminate in order to operate safely. This is especially true when evaluating email attachments as a threat vector. Many people fail to understand that exchanging documents involves risk — about 98 percent of files do not conform to the manufacturers’ original document design. Before they can effectively mitigate any potential threat, organisations need to determine whether an aberration in a file is due to an attack or simply to a poorly written or badly configured file. They need a comprehensive understanding of the documents coming through their network: the types of files, their structural problems, and which incoming functional elements could represent risk. Creating a big-picture view of email security and risk posture is a critical first step towards understanding potential threats and implementing effective policies designed to mitigate risk and thwart attack.
Once you have a handle on the risks, it is imperative to apply the appropriate security solutions. Most organisations have all the standard border controls, including a firewall, anti-spam, anti-virus and even a sandbox, yet targeted attacks still routinely bypass them. By now it is clear that current anti-virus and other signature-based solutions placed at the border are not stopping well-crafted, highly targeted attacks, leaving gaping holes in the defensive security architecture. Meanwhile, attacks conducted via malicious email attachments have become increasingly sophisticated, luring users with phishing campaigns that appear completely legitimate. Assume that traditional signature-based anti-virus solutions, and even relatively new sandbox technology, will let a socially engineered malicious document through to the user. Remember, it only takes one user clicking on one malicious attachment for a company to face disaster. There needs to be a ‘new baseline’ for security founded on innovation that does not rely on the old border security technology.
Addressing gaps in email security defences will require a paradigm shift that supplants targeting the bad with techniques that look for and validate the “known good”. The reason? Cybercriminals are constantly updating their tactics, so a list of known-bad signatures is always a step behind, whereas validating a file against “known good” provides a fixed, high benchmark and an accurate point of comparison. To that end, organisations need to validate documents against the manufacturers’ specifications and regenerate only “known good” files. From there, they can create a clean and benign file in its original format, which can be sent on and passed along without any interruption to business. In short, it is about asserting control over the document by bringing security to where it is needed most – at the file level. Organisations should continue this proactive stance by using deep file-inspection, remediation and sanitisation tools to eliminate malicious documents before they enter the system.
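The structural inspection and “known good” regeneration described in the two paragraphs above, as an added illustration that is not Glasswall’s code or any product’s engine: a toy policy for the .docx container (a ZIP of OOXML parts) that checks the container is valid and the mandatory parts are present, reports every part outside a hypothetical allowlist, and rebuilds the file from allowlisted parts only. The allowlist, the function names and the sample file are all constructed for this example.

```python
import io
import re
import zipfile

# Hypothetical "known good" policy for .docx containers: only these parts are
# regenerated; macros, embedded objects and unknown parts are dropped as non-conforming.
ALLOWED_PARTS = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|word/(document|styles)\.xml"
    r"|word/_rels/document\.xml\.rels)$")

def inspect_docx(data):
    """Structural check: valid container, mandatory parts, non-allowlisted parts."""
    if not data.startswith(b"PK\x03\x04"):  # local file header every OOXML file starts with
        return {"conforms": False, "reason": "not a ZIP container", "dropped": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"conforms": False, "reason": "corrupt ZIP container", "dropped": []}
    if "[Content_Types].xml" not in names or "word/document.xml" not in names:
        return {"conforms": False, "reason": "missing mandatory OOXML parts", "dropped": []}
    dropped = sorted(n for n in names if not ALLOWED_PARTS.match(n))
    return {"conforms": True, "reason": "", "dropped": dropped}

def regenerate_docx(data):
    """Rebuild from allowlisted parts only; None means block rather than guess.
    A real engine would also rewrite [Content_Types].xml and .rels so nothing dangles."""
    if not inspect_docx(data)["conforms"]:
        return None
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if ALLOWED_PARTS.match(name):
                dst.writestr(name, src.read(name))  # copy only the known-good part
    return out.getvalue()

def build_sample(parts):
    """Constructed test input: a minimal OOXML-like ZIP, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

SAMPLE = build_sample({
    "[Content_Types].xml": b"<Types/>", "_rels/.rels": b"<Relationships/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"constructed stand-in for a macro part",
    "word/embeddings/oleObject1.bin": b"constructed embedded object"})
```

Running `inspect_docx(SAMPLE)` lists the macro and embedded-object parts as dropped, and `regenerate_docx(SAMPLE)` returns a container in which a second inspection finds nothing left to drop; a PDF or executable renamed to .docx fails the container check outright.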
The BYOD phenomenon undoubtedly comes with a myriad of benefits – not the least of which is giving employees flexibility to work from anywhere and conduct both personal and business activities, including document transmission, with the same device.
However, while convenient and efficient, conducting business functions from a personal device often undermines control over the types of sites and apps used by employees, which in turn potentially exposes corporate data to information-stealing malware. Malware that can be delivered via attachments to employee workstations can just as easily be delivered to mobile devices – and many mobile devices are not equipped with security solutions aimed at detecting infected documents. Malware from an infected document successfully downloaded on a company mobile device will therefore have the same access to sensitive information as it would on the corporate network. While the ability to send and receive attachments on mobile devices might be a requirement for some, it is best to determine for whom this function is an absolute necessity, and to restrict it to employee workstations for everyone else.
Ultimately, organisations need to reduce the risk of a single employee opening up their whole organisation to a malware attack. Among other things, that means carefully determining the file types and functional items that employees actually need in order to do their jobs, and admitting nothing beyond them.
It is difficult to achieve 100 per cent employee compliance with any set of security procedures, but if an organisation follows these tips and uses technology to ensure that only the “known good” is admitted to the system, it will hugely increase its level of protection.
by Sam Hutton, CTO at Glasswall Solutions