[BreachExchange] Cyber-security needs real innovation
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Nov 8 19:27:14 EST 2016
http://www.scmagazineuk.com/cyber-security-needs-real-
innovation/article/567862/
Now acknowledged as one of the biggest threats to a business's bottom line
and reputation, cyber-security is taking centre stage as business leaders
seek protection from the raft of attacks now prevalent. The scale of the
threat is being taken incredibly seriously and was demonstrated earlier
this year when it was discussed at length at the World Economic Forum. For
many of those attending, it is the biggest challenge facing the world's
technology industries. Others warned that fear of data breaches is causing
organisations to hold off technology investment.
Amid this disquiet, governments are also placing ever more focus on
cyber-security awareness and are advising on best practice. Last year in
the UK, for example, the Chancellor of the Exchequer outlined a five-step
plan to increase cyber-security.
In the US, meanwhile, the proposed Cyber-security Disclosure Act would
require public companies to give reasons for not having a cyber-security
expert on the board. In the EU, after the European General Data Protection
Act comes into effect in 2018, organisations will risk stiff fines if they
suffer data breaches or are found to be negligent around security.
Not surprising then that CISOs in enterprises industry-wide are under
pressure to be innovative and to find new, but cost-effective, solutions.
They are fully aware that they will be held accountable in the event of a
serious data or security breach.
If the new focus on cyber-security is to work, however, all involved need
to realise that constantly-evolving threats require constant innovation,
rather than just post-infection Band-aid. Criminals have moved on from what
are commonly called signature-based threats, to instead placing increased
attention to altering the structure of common file-types to defeat existing
security and anti-virus solutions and breach an organisation's defences.
As the evolution and sophistication of these threats becomes clear, it is
time for all organisations to grasp that cyber-criminals are not gifted
amateurs, but sophisticated professionals determined to steal funds or
shadowy arms-length state organisations with significant resources
dedicated to the theft of intellectual property. Between them they never
stop experimenting and evolving.
When faced with such ingenuity, legitimate businesses cannot afford to fall
behind in the race to innovate and need to reassess their level of skill
and motivation.
Most fundamental of all, CISOs have to understand that traditional
signature-based AV security no longer cuts the mustard. Email attachments
are still the most common delivery mechanism for the malicious code that
enables criminals to steal, destroy or hold data to ransom, but how they
are used has changed.
Analysis of many thousands of files shows that while extensible features
such macros and embedded files remain significant dangers, criminals are
now well-advanced in altering the underlying structure, or building blocks,
of Word, Excel, PowerPoint files and PDF files, so that once opened they
will trigger a malicious exploit. In PDFs, for example, Glasswall has found
that structural threats are close to outweighing those hidden in embedded
files, AcroForms, Javascript or some combination of these elements.
An effective solution to defend against this deliberate corruption of
email-bound documents lies in file-regeneration technology. An automated
solution utilising this capability disarms malicious files, producing a
benign version referenced against the manufacturer's original standard,
checking it right down to byte level instead of just looking for active
content in the body of the document. A sanitised file is regenerated at
sub-second speeds and passed on to users in real-time to maintain business
continuity.
The technology is designed to protect organisations against even the
smallest and most subtle alterations in file structure, detecting for
example, where criminals have changed just two bytes in a PDF file to crash
the reader software to trigger malware or hidden exploits.
In contrast, transformation-based technologies, rather than regeneration,
are less effective at removing threats, often producing un-editable PDFs or
JPEGs which significantly disrupt business continuity.
Transformation technologies also frequently make the same mistake as those
they seek to supplant, searching for what is already known, since they are
often incapable of removing new threats that have no name or signature. For
example, AcroForms are known to carry malware and are one of the focus
areas for CDR technology. However AcroForm threats can be removed from a
PDF while leaving 80 percent of malicious content intact.
Besides blocking out known and evolving threats, file-regeneration is
designed to put organisations back in control, deciding who should receive
specific file content as part of a broader security posture. It aims to
ensure that individual employees no longer have to make decisions about
whether it is safe to open files.
File-regeneration solutions are designed to give organisations higher
levels of security and streamlined efficiency and this benefit should be
recognised by CISOs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161108/70178086/attachment.html>
More information about the BreachExchange
mailing list