
Just one click – that’s all it takes to let in cyber-crime

25 Sep 2020

By Bufferzone Security business strategist for A/NZ Greg Wyman.

Organisations can train users all day, every day, but humans are humans. It’s never possible to train 100% of users to identify and never click on a malicious link, or open a potentially harmful email attachment.

All it takes is for one user to visit one website, click a single web link, open one email attachment or download one file from a website, and potentially have a hacker or ransomware inside the organisation. Although phishing training is critically important, it is only a superficial layer of protection.

Attackers prey on the oldest human traits of greed, necessity, kindness, urgency or fear, to encourage users to click a link or open an email attachment.

So how do organisations ensure that users are not compromised by simply doing their work? The answer is surprisingly simple. It is about isolation, containment and elimination, or ICE solutions for short.

Imagine if, every time users browse the internet, click a link, download a file or open an email attachment, it all opened in a low-impact, secure virtual container located at the endpoint.

Any malware, ransomware or hacker code is isolated in that virtual container and, quite simply, it cannot escape to infect the rest of the organisation. To eliminate the malware, empty the container, and it all disappears.

The next challenge is how to bring files such as Word, Excel, PowerPoint and PDF documents from untrusted or unknown external sources, such as the web and email, into the business while ensuring there is no hidden or embedded malware in any of them.

Again, the solution is remarkably simple. All inbound files should be broken down to their bare-bones, known useful components, then immediately reassembled using only the known good, industry-standard components. This leaves all macros, VB scripts, hidden or embedded objects and malware behind in the secure virtual container.

The document is visually identical to the original but does not contain malware. Any malware is isolated in the escape-proof container, and when this gets emptied, all malware disappears.
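The rebuild step described above, as an added example that is not Bufferzone's code or part of the original article, narrowed to the package level of a Word (OOXML) file: only allow-listed parts are copied into a new package, and declarations of or links to anything else are removed. The names `ALLOWED` and `rebuild` and the allow-list itself are assumptions of this example; it does not inspect content inside the parts it keeps.

```python
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

# Allow-list of parts carried into the rebuilt file (an assumption of this example).
ALLOWED = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml"
    r"|word/(document|styles|settings|fontTable|numbering)\.xml"
    r"|word/_rels/document\.xml\.rels|word/theme/theme\d+\.xml)$")
PKG = "{http://schemas.openxmlformats.org/package/2006/"

def _prune(xml_bytes, tag, keep):
    """Drop direct children named `tag` for which keep(element) is false."""
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        if el.tag == tag and not keep(el):
            root.remove(el)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def _target(rels_name, el):
    """Resolve a Relationship target to a part name; None for external targets."""
    if el.get("TargetMode") == "External":
        return None  # e.g. hyperlinks: not package parts, left untouched here
    base = posixpath.dirname(posixpath.dirname(rels_name))
    return posixpath.normpath(posixpath.join(base, el.get("Target", ""))).lstrip("/")

def rebuild(data):
    """Return (clean_bytes, dropped_part_names) for an OOXML package."""
    src = zipfile.ZipFile(io.BytesIO(data))
    kept = {n for n in src.namelist() if ALLOWED.match(n)}
    dropped = sorted(set(src.namelist()) - kept)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept):
            body = src.read(name)
            if name == "[Content_Types].xml":  # remove declarations of dropped parts
                body = _prune(body, PKG + "content-types}Override",
                              lambda e: e.get("PartName", "").lstrip("/") in kept)
            elif name.endswith(".rels"):  # remove links to dropped parts
                body = _prune(body, PKG + "relationships}Relationship",
                              lambda e, n=name: _target(n, e) in kept | {None})
            dst.writestr(name, body)
    return out.getvalue(), dropped
```

Call `rebuild()` on the raw bytes of an inbound file; the second return value lists what was left behind, which is worth logging for later review.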

The cornerstone of an ICE solution is to have minimal impact on the users’ machines and for the sanitisation process to take just a few seconds so that work and users are impacted as little as possible. They can click links, download files and open attachments with confidence.

The users are protected, and the organisation has prevented a potentially devastating malware attack. This is especially concerning today as, according to Verizon, 94% of data breaches start at the endpoint.

Realistically, it’s never possible to stop 100% of users from clicking a web link, downloading a file from the internet or opening an email attachment. But that is where the latest ICE solutions add compelling value to existing endpoint security infrastructure, helping to reduce cost and complexity while improving protection.

ICE solutions are designed to complement existing endpoint security products quickly and cost-effectively, to improve effectiveness without the traditional cost and complexity, and to stop even the unknown, undetectable, never-before-seen threats attacking businesses of all sizes.

With ICE-based solutions, users can click and download with virtually zero risk.
