
In IT security, ‘good enough’ is no longer good enough

18 Jun 2020

Article by Bufferzone Security technology entrepreneur Greg Wyman.

As organisations start to return to work from the COVID-19 crisis, ensuring adequate protection is more critical than ever. Organisations of all sizes have been forced to enable remote workers hastily, with their number one priority being connectivity.

But the haste has left many organisations seriously exposed to risk. The fact that organisations are starting to return to work does not mean the threats have stopped or reduced.

Cyber attackers live by the motto ‘Never let a good crisis go to waste’, and COVID-19 delivers a perfect storm of opportunity for them.

Let’s look at just the top three issues facing almost every business in the past eight weeks:

  1. Users have quickly moved from corporate systems to remote systems.
  2. 94% of data breaches start with email or the web, according to Verizon in 2019.
  3. If a user clicks a link or opens a malicious email, a hacker can enter and infect the entire organisation.

An extra layer of protection is required immediately to protect what is arguably the largest and most vulnerable attack surface of any organisation: the user’s desktop or laptop. Once it is compromised, cyber criminals have the proverbial ‘keys to the kingdom’.

What is needed is a defensive posture that changes the rules in the fight against the bad guys, protects endpoints from the attackers, and prevents hackers and ransomware from gaining access to corporate networks and data.

In an ideal world, traditional security, such as anti-virus and next-gen AV, should form the outer layer of a protection strategy to stop known (traditional) malware and spam.

These tools often have a 95% to 99% success rate for detecting known malware. That is good, but it also means that for every 100 emails, one to five will make it through traditional detection technology.

Yet if a single email succeeds in getting through, the hacker can breach an entire company. Is that good enough today?

The solution is to add an additional layer of security in the form of a lightweight secure virtual container that contains the threats.

Malware, ransomware and hackers simply cannot move outside the container and infect corporate systems. Eradicating the virus or ransomware on the user’s computer requires only a single button click: empty the container and the malware is eliminated.

Today, issues arise when users visit compromised websites, download files from the web or receive email attachments that may contain hidden or embedded malware, VBScripts or macros.

By default, no file should be allowed into the corporate network unless it has been sanitised and all malware has been removed from it. Running anti-virus on the file is not enough.

Using the latest technology, inbound files can be broken down into their actual components and then reassembled, leaving behind any malware, VBScripts, macros and so forth. The reassembled document is identical to the original, and it is malware-free.
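The break-down-and-reassemble step described above, as an added example that is not from the article or from any vendor's product: it rebuilds a macro-enabled Office (OOXML) package part by part and leaves the VBA project behind. The function names, the list of active parts and the sample package are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT = "http://schemas.openxmlformats.org/package/2006/content-types"
REL = "http://schemas.openxmlformats.org/package/2006/relationships"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
ACTIVE = ("vbaproject.bin", "vbadata.xml")  # macro-carrying parts (assumed list)

def _clean_xml(name, raw):
    """Drop references to removed parts so the rebuilt package stays consistent."""
    if name != "[Content_Types].xml" and not name.endswith(".rels"):
        return raw
    ns, attr = (CT, "PartName") if name == "[Content_Types].xml" else (REL, "Target")
    ET.register_namespace("", ns)
    root = ET.fromstring(raw)
    for el in list(root):
        if el.get(attr, "").lower().endswith(ACTIVE):
            root.remove(el)  # reference to a part that is left behind
        elif el.get("ContentType") == MACRO_MAIN:
            el.set("ContentType", PLAIN_MAIN)  # no longer macro-enabled
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def sanitise(package):
    """Rebuild an OOXML package part by part; return (clean_bytes, removed_parts)."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name.lower().endswith(ACTIVE):
                removed.append(name)  # never copied into the new package
            else:
                dst.writestr(name, _clean_xml(name, src.read(name)))
    return out.getvalue(), removed

def constructed_docm():
    """Constructed sample package (placeholder bytes, not a real document)."""
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT}">'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="x-constructed/vba"/></Types>',
        "word/document.xml": "<doc>constructed body text</doc>",
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL}">'
        '<Relationship Id="rId1" Type="urn:constructed" Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": "constructed placeholder, not real VBA",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

A production sanitiser works from a strict per-format allow-list of parts and parses untrusted XML with a hardened parser; this sketch covers only the VBA parts of one package type.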

The ultimate goal for most organisations should be to protect against known threats (with traditional anti-virus) and to contain unknown threats, so that no infected file can enter the organisation and let a hacker deliver a malicious payload and compromise it.

The hackers hope that users stay with their ‘good enough’ detection products, as these make it relatively simple to penetrate an organisation.
