Data loss prevention: Why digital images should not be overlooked
Article by Clearswift CTO Guy Bunker
Digital images are increasingly being used as mechanisms for cyber-attacks. What can organisations do to minimise risks and mitigate against this advanced threat?
The world of cybersecurity never stands still.
Cyber criminals are becoming increasingly creative, releasing new sophisticated cyber-attacks through innocuous-looking documents, email messages, social media, and even texts.
Their latest threat innovation involves everyday digital image files such as PDFs, JPGs, PNGs, GIFs, (and other image file types), used as the delivery source of targeted Advanced Persistent Threats on the way into organisations and as tools for concealing critical information on the way out.
Image files are one of the biggest unaddressed data loss issues for organisations today.
A step-change required for DLP
Traditional Data Loss Prevention (DLP) solutions provide basic protection against the threat of someone trying to send a file to an unauthorised individual.
However, to combat advanced threats, data loss prevention requires a step change. Clearswift solutions provide an advanced level of Deep Content Inspection so that email messages, attachments and web uploads/downloads can be scanned to detect sophisticated threats such as ransomware embedded in documents and images.
Once detected, Adaptive Redaction Technology – developed to modify the content of files in real-time – can be used to remove only the malicious or sensitive data, allowing the remaining digital communication to continue its way.
This enables a continuous flow of communication without the risk of critical information being shared with unauthorised individuals, or malicious content being received into the network.
Mitigate against new image-based threats
Clearswift has developed a range of new innovative features within its SECURE Email and Web Gateways to help combat next-generation data loss risks through images.
Optical Character Recognition (OCR) is a digital technique for analysing images and extracting the text, so that it can be processed like a normal electronic document using DLP functionality.
This includes scanned documents to PDF (from a multi-function printer, for example), or screenshots saved as an image such as a JPG.
OCR enables the images to be analysed just like any other document or file during the transfer process – whether via email or when being uploaded/downloaded to/from websites and Cloud apps.
A further enhancement to OCR analysis allows redaction of text in images, removing only the information which breaks policy by drawing a ‘black box’ across the words.
A technique called steganography can also be used by cybercriminals to ‘hide’ information in digital images.
This is where tools are used to subtly change the image by encoding and embedding sensitive data such that, to the naked eye, there is no visible difference and then the image is used to exfiltrate data.
A standard-sized image can easily hide several thousand customer contacts or account numbers.
In this case, OCR will not help remove the risk as it isn’t a picture of the text.
However, Clearswift’s anti-steganography functionality will disrupt the image so that no hidden data can be extracted – but the image, to the naked eye of the recipient, remains the same.
Leave no stone unturned
When it comes to threat detection, images should not be overlooked.
New technology within advanced DLP solutions, such as Clearswift’s OCR and anti-steganography functionality, can mitigate against the risks of images being used as weapons to launch cyber-attacks or to exfiltrate data.
Using these technologies organisations can protect themselves against data breaches and keep their critical information secure.
For more information, visit here.