SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Just one click – that’s all it takes to let in cyber-crime
Fri, 25th Sep 2020
FYI, this story is more than a year old

By Bufferzone Security business strategist for ANZ Greg Wyman.

Organisations can train users all day, every day, but humans are humans. It's never possible to train 100% of users to identify and never click on a malicious link, or open a potentially harmful email attachment.

All it takes is for one user to visit one website, click a single web link, open one email attachment or download one file from a website, and potentially have a hacker or ransomware inside the organisation. Although phishing training is critically important, it is only a superficial layer of protection.

Attackers prey on the oldest human traits of greed, necessity, kindness, urgency or fear, to encourage users to click a link or open an email attachment.

So how do organisations ensure that users are not compromised by simply doing their work?  The answer is surprisingly simple. It is about isolation, containment and elimination, or ICE solutions for short.

Imagine if every time users browse the internet, click a link, download a file or open an email attachment these are all opened in a low impact, secure virtual container located at the endpoint.

Any malware, ransomware or hacker code is isolated in that virtual container and, quite simply, it cannot escape to infect the rest of the organisation. To eliminate the malware, empty the container, and it all disappears.

The next challenge is how to bring file types such as Word, Excel, Powerpoint, PDF's et cetera from untrusted or unknown external sources such as the web and emails into the business, and ensure there is no hidden or embedded malware in any of those documents?

Again, the solution is remarkably simple. All inbound files should be broken down to their barebone known useful components, then immediately reassembled using only the known good, industry-standard components. This leaves behind in the secure virtual container all macros, VB scripts, hidden or embedded objects and malware.

The document is visually identical to the original but does not contain malware. Any malware is isolated in the escape-proof container, and when this gets emptied, all malware disappears.

The cornerstone of an ICE solution is to have minimal impact on the users' machines and for the sanitisation process to take just a few seconds so that work and users are impacted as little as possible. They can click links, download files and open attachments with confidence.

The users are protected, and the organisation has prevented a potentially devasting malware attack. This is especially concerning today as, according to Verizon, 94% of data breaches start at the endpoint.

Realistically, it's never possible to stop 100% of users from clicking a web link, or downloading a file from the internet, or opening an email attachment. But that is where the latest in ICE solutions deliver compelling value add to existing endpoint security infrastructure and help to reduce cost and complexity while improving protection.

ICE solutions are designed to complement existing endpoint security products quickly and cost-effectively, to improve effectiveness without the traditional cost and complexity, and to stop even the unknown, undetectable, never-before-seen threats attacking businesses of all sizes.

With ICE based solutions, users can click and download with virtually zero risk.