In IT security, ‘good enough’ is no longer good enough
FYI, this story is more than a year old
Article by Bufferzone Security technology entrepreneur Greg Wyman.
As organisations start to return to work from the COVID-19 crisis, ensuring adequate protection is more critical than ever. Organisations of all sizes have been forced to enable remote workers hastily, with their number one priority being connectivity.
But all the hurry has exposed many organisations to serious exposure and risk. Now that organisations are starting to return to work, this does not mean the threats have stopped or reduced.
Cyber attackers live by the motto ‘Never let a good crisis go to waste’, and COVID-19 delivers a perfect storm of opportunity for them.
Let’s look at just the top three issues facing almost every business in the past eight weeks:
- Users have quickly moved from corporate systems to remote systems.
- 94% of data breaches start with email or the web, according to Verizon in 2019.
- If a user clicks a link or opens a malicious email – a hacker can enter and infect the entire organisation.
An extra layer of protection is required immediately to protect arguably the most vulnerable and largest attack surface of any organisation - the user’s desktop or laptop. Once compromised, cyber criminals have the proverbial ‘keys to the kingdom’.
What is needed is a defensive posture that changes the rules in the fight against the bad guys, protects endpoints from the attackers, and prevents hackers and ransomware from gaining access to corporate networks and data.
In an ideal world, traditional security – like anti-virus and next-gen AV – should form the outer layer of a protection strategy to stop known (traditional) malware and spam.
They often have a 95% to 99% success rate for detecting known malware – which is good, but that also means that for every 100 emails, one to five will make it through traditional detection technology.
Yet if a single email succeeds in getting through, the hacker can breach an entire company. Is that good enough today?
The solution is to add an additional layer of security in the form a lightweight secure virtual container that contains the threats.
Malware, ransomware and hackers simply cannot move outside the container and infect corporate systems. To eradicate the virus or ransomware on the user’s computer simply requires a single button click – empty the container and malware is eliminated.
Today, issues arise when users visit compromised websites, download files from the web or have email attachments that may contain hidden or embedded malware, VBS scripts or macros.
As a default, no files should be allowed into the corporate network unless they have been sanitised and all malware removed from the file – not just running anti-virus on the file.
Using the latest technology, inbound files can be broken down to their actual components and then reassembled leaving behind any malware, VBScripts, macros and so forth. The reassembled document is identical to the original – and it is malware-free.
The ultimate goal for most organisations should be to protect against known threats (with traditional anti-virus) and contain unknown threats to help ensure that no infected files can enter the organisation to enable a hacker to deliver their malicious payload and compromise an organisation.
The hackers hope that users stay with their ‘good enough’ detection products, as these allow relatively simple access to penetrate an organisation.