[BreachExchange] Don’t be the weakest link: protecting your supply chain from targeted malware attacks

Audrey McNeil audrey at riskbasedsecurity.com
Wed Sep 7 18:48:53 EDT 2016


http://www.itsecurityguru.org/2016/09/07/dont-be-the-weakest-link-protecting-your-supply-chain-from-targeted-malware-attacks/

Every senior manager knows that falling prey to a malware attack could
yield catastrophic results. But what if that malware spread beyond your own
systems, taking your partners, customers and supply chain down with you?

Cybercriminals have been busy over the past year, carrying out an alarming
number of malware attacks, with payloads ranging from types that enable
access to confidential client or personnel data to a recent wave of
ransomware attacks. Yet despite a growing awareness, these attacks continue to be
successful. With file-based attacks accounting for 94 per cent of
successful data breaches, a growing number of organisations have admitted
that they are helpless to prevent future attacks. The answer, so far, has
been to focus instead on detecting and responding to malware after it has
already made its way onto the organisation’s system. At the same time, an
equally important concern is beginning to gain the attention of those
managing the security of their organisation’s reputation.

Security surrounding outbound emails is becoming a higher priority for IT
professionals, as the fear of infecting a business partner, supplier or
customer via corrupted attachments is becoming a reality, especially in
organisations like law firms, which employ lawyers and partners who send and
receive hundreds of emails and file attachments to and from their clients
each day. Needless to say, any organisation implicated in the unwitting
spread of harmful malware could face irreparable damage to its reputation,
inevitably losing the trust of important clients and partners and feeling
the consequential damage to profits.

The amount of goodwill that can be lost shouldn’t come as a shock,
considering the potential cost of suffering a data breach:

High-profile incidents in recent years have led to a shake-up of
regulation, which will introduce steeper fines and even publicly name
companies that suffer data breaches. Together with growing concern from
increasingly cyber-aware consumers, this has created a heightened sense of
caution for companies in all sectors. As a result, any organisation
suspected of unknowingly sending malware to its partners and clients will
have difficulty in maintaining any sort of relationship, or at best be in a
weaker position commercially.

Finding a clear answer

In response to these concerns, many organisations are turning to digital
signatures to authenticate document origins, and encryption as a means of
securing their email communications. These security methods offer some
solace by protecting the contents of a message from being intercepted and
accessed by an unknown third party. However, relying too heavily on
encryption and digital signatures provides less protection than perceived
should the endpoint generating the document become compromised at any point.

In this case, all that encryption will accomplish is securely delivering an
infected file – which could potentially have even greater ramifications
for the recipient if their system were to become infected. With hackers
becoming increasingly adept at operating unseen, through a combination of
advanced, timed embedded malicious code and highly-targeted social
engineering, an increasing number of organisations are becoming unwitting
accomplices in the spread of malware, regardless of how confident they are
in their inbound and outbound security solutions.

With this in mind, the validation and integrity of outbound files should be
a main objective for ensuring trust and security of any organisation. Any
business process that requires encryption or digital signatures to be
applied to files must ensure the files are validated, their integrity
guaranteed, and then signed, so that any risk of spreading malware is
nullified.

In order to be seen as trustworthy by clients, organisations must be able
to assure their clients that only clean versions of original files leave
– and enter – their systems.

The uncompromised solution

Available on the market are innovative technologies that take a brand new
approach to ensuring the validity of outbound files – whether they be PDFs,
Word, PowerPoint or Excel files.

Typically, these solutions make no assumption about the integrity of
outbound files. Instead of simply encrypting files before they are sent,
they either create an image-based replica or regenerate, in real time, a
brand new version of the original that is guaranteed to be free of any
malicious code. Being email security platforms, these solutions need to be
as near wire speed as possible, whilst breaking each file down to
byte level, so it can be fully analysed and rebuilt with only code that is
known to be safe. This is cutting-edge technology that organisations are
actually finding works, allaying their general mistrust of cyber security
solutions being effective.

This new and innovative approach runs contrary to legacy cybersecurity
solutions, which instead look only for elements that are known to be
malicious, or have a signature to block anything bad. The benefit of the
“known good” approach is that it doesn’t need to rely on constant updates,
which would typically need to be released each time a new macro or other
exploit is discovered.

By implementing a different solution as part of a layered security approach
to supplement conventional encryption and digital signatures, organisations
can be assured any file they are sending to a client or partner is not just
protected, but more importantly, uncompromised.
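
The "known good" rebuild described above, shown at the container level for a
Word file. This is an added example, not part of the original article or of
any product it refers to: the allow-list of part names and the function names
are constructed for illustration, and it works on OOXML package parts only,
leaving references inside word/document.xml unrewritten.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Constructed allow-list (an assumption): parts a plain Word document needs.
ALLOWED = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml"
    r"|word/(document|styles|settings|fontTable|numbering)\.xml"
    r"|word/_rels/document\.xml\.rels|word/media/[\w-]+\.(png|jpe?g))$")

def _known_good(name, body):
    if not ALLOWED.match(name):
        return False                      # unknown part type: never copied
    if name.endswith((".xml", ".rels")):
        try:                              # no DTD allowed, must be well-formed
            return b"<!DOCTYPE" not in body and ET.fromstring(body) is not None
        except ET.ParseError:
            return False
    return True

def _prune(body, ns, tag, is_dead):
    """Remove child elements <tag> that point at a part that was not copied."""
    ET.register_namespace("", ns)
    root = ET.fromstring(body)
    for el in root.findall(f"{{{ns}}}{tag}"):
        if is_dead(el):
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def rebuild_known_good(data):
    """Return (clean_bytes, dropped): a new package holding only allow-listed parts."""
    src = zipfile.ZipFile(io.BytesIO(data))
    parts = {name: src.read(name) for name in src.namelist()}
    keep = {n: b for n, b in parts.items() if _known_good(n, b)}
    dropped = sorted(set(parts) - set(keep))
    ct, rels = "[Content_Types].xml", "word/_rels/document.xml.rels"
    if ct in keep:
        keep[ct] = _prune(keep[ct], CT_NS, "Override",
                          lambda el: el.get("PartName", "").lstrip("/") not in keep)
    if rels in keep:                      # external targets are left untouched here
        keep[rels] = _prune(keep[rels], REL_NS, "Relationship", lambda el:
            el.get("TargetMode") != "External" and posixpath.normpath(
                posixpath.join("word", el.get("Target", ""))).lstrip("/") not in keep)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name, body in keep.items():
            dst.writestr(name, body)
    return out.getvalue(), dropped
```

The returned list of dropped parts is what an outbound mail gateway would log
before the rebuilt file is signed and sent.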