CFOs across the public and private sectors would no doubt like to believe the business information browsed, read and shared every day by everyone in their organisation is threat free.
But the likelihood that it is not is high, and there are a host of reasons for this.
Why does the security of your data matter anyway?
Partly it’s a matter of the plethora of communication channels and the rate at which they are evolving. Case in point: the average size of a web page has grown six-fold, and 67% of that page will likely be images. Chances are most cyber defence systems installed do nothing to combat threats concealed in these images. Equally, the ubiquity of social media provides an ever-increasing number of routes through which malware can be introduced, data stolen and reputational damage inflicted.
The other reason CFOs should view their cybersecurity defences with a healthy dose of scepticism is the sophistication now being demonstrated by cybercriminals. Of course, well-known and simple techniques are used every day to compromise organisations. But if those fail and the will is present, criminals are perfectly capable of handling and using the kind of complexity that was once the preserve of government agencies.
Either way, the fact is that from documents and spreadsheets to images and PDFs, digital content – the essential life-blood of business and commerce – is the carrier of choice for the cyberthreats used by today’s attackers.
Cybersecurity professionals have long been concerned with the threat posed by digital content. The last 25 years have seen an on-going “arms race” in which the criminal has continually had the upper hand. Initially, anti-virus provided some rudimentary respite until it became apparent that defences based on detection could be easily breached by “evolving” the threat so that it changed slightly every time it was used.
Then “sandboxing” techniques were developed to defend systems by performing a kind of “contained explosion” of suspect content. Criminals developed evasion techniques and rendered them ineffective almost immediately. For years now, highly sensitive government systems have employed Deep Content Inspection (DCI) to block anything that was merely capable of carrying an attack, but even here the increasing sophistication of attacks makes it impossible for defenders to stay ahead without preventing everything and stopping business from being transactional.
Is it possible?
So, is the digitally pure enterprise – one in which everyone can browse, read and share business information with complete peace of mind – achievable? What’s needed is an entirely different approach, one that changes the rules of the game, and recently this has become a reality. It will not come from continuing with the current paradigm of detection and reaction, which is merely an invitation for the defender to carry on trying to play catch-up with the attacker.
In March 2018, industry analyst Gartner published a finding entitled ‘Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks’. In the report, the author drew attention to ‘Pattern 4: Content Transform’ as key to building defences that deal with the threat landscape going forward.
Content Transform is a way to get and stay ahead of the attackers as it eliminates threats and leaves no opportunity for evasion techniques to be developed. If done correctly, the result of this approach can be termed ‘Content Threat Removal’ (CTR).
How does CTR work and how will the business get the information it needs?
CTR works by assuming that all data is unsafe: whatever data an attacker sends in gets blocked. It doesn’t try to distinguish good from bad, so there’s nothing to get wrong.
CTR operates by extracting the business information from the digital content received. The data carrying the information is then discarded and new safe data is created to carry the business information to its destination. This way, attackers are denied entry and the business gets what it needs. When it comes to the content threat, the efficacy of this approach cannot be beaten. Security teams are satisfied because the threat is removed and business teams get the information they need.
As perpetrators have become more sophisticated, defences that detect them have improved. But each time defence technology advances, attackers develop new techniques to evade it. However, it looks like the end of the line for the detectors, as digital trespassers are now hiding threats in images using steganography, which is currently impossible to detect. The future has to be something radically different: a defence that doesn’t rely on detection but defeats the digital content threat posed by attackers once and for all. CTR offers the promise that at every communication boundary – email, web, social media, data kiosks – inbound and outbound threats can be removed in a way that leaves the criminal with no ability to complete the cybercrime. It empowers the business user with timely access to the information they need.
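The extract, discard and rebuild steps described above, and their effect on data hidden in an image, can be shown on a small scale. The following is an added example, not code from the article or from any CTR product; the choice of the simple PPM image format, the function names and the step of clearing each pixel's lowest bit are assumptions made for illustration, and the sample image is constructed.

```python
import re

def build_ppm(width, height, pixels, comment=b"", trailer=b""):
    """Serialise raw RGB bytes as a binary PPM (P6); used for input and output."""
    head = b"P6\n" + (b"#" + comment + b"\n" if comment else b"")
    return head + b"%d %d\n255\n" % (width, height) + bytes(pixels) + trailer

def extract_pixels(data, max_pixels=4_000_000):
    """Strictly parse a P6 file and return (width, height, pixel bytes) only.
    Comments and bytes after the pixel array are never returned."""
    m = re.match(rb"P6\s+(?:#[^\n]*\n\s*)*(\d{1,5})\s+(\d{1,5})\s+255\s", data)
    if not m:
        raise ValueError("not a well-formed 8-bit P6 image")
    w, h = int(m.group(1)), int(m.group(2))
    if w == 0 or h == 0 or w * h > max_pixels:
        raise ValueError("unreasonable dimensions")
    body = data[m.end():m.end() + 3 * w * h]
    if len(body) != 3 * w * h:
        raise ValueError("truncated pixel data")
    return w, h, body

def transform(data, drop_bits=1):
    """Content transform: keep the picture, discard the bytes that carried it."""
    w, h, pixels = extract_pixels(data)
    mask = 0xFF & ~((1 << drop_bits) - 1)
    clean = bytes(p & mask for p in pixels)   # low-order bits never cross
    return build_ppm(w, h, clean)             # brand-new file, fixed header

def lsb_message(ppm, nbytes):
    """Read nbytes hidden one bit per channel byte (verification helper)."""
    _, _, px = extract_pixels(ppm)
    bits = [b & 1 for b in px[:8 * nbytes]]
    return bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits), 8))

def make_sample():
    """Constructed input: 8x8 grey image, 'C2' in the LSBs, a comment, a trailer."""
    secret = b"C2"
    bits = [(byte >> (7 - i)) & 1 for byte in secret for i in range(8)]
    px = bytearray([200] * (8 * 8 * 3))
    for i, bit in enumerate(bits):
        px[i] = (px[i] & 0xFE) | bit
    return build_ppm(8, 8, px, comment=b"hidden-config", trailer=b"APPENDED-PAYLOAD")

if __name__ == "__main__":
    dirty = make_sample()
    clean = transform(dirty)
    print(lsb_message(dirty, 2), lsb_message(clean, 2), len(dirty), len(clean))
```

Nothing in the transform inspects the input for signs of an attack: the rebuilt file is produced the same way for every image, so the comment, the appended bytes and the low-bit channel are all lost whether or not they were ever used.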
The idea of the digitally pure enterprise is an alluring one. Any business that can establish a track record for guaranteeing its users, business partners and customers access to clean, pure business content will differentiate itself in a threat-filled cyber landscape.
There is still a long way to go to become a digitally pure enterprise. After all, CTR doesn’t spell the end of other security measures. Endpoint security is still needed, as there will be other ways into a system that CTR is not controlling, and the system boundary still needs to be maintained. Internal monitoring and data leakage protection controls are still essential because insiders continue to pose a threat. But with CTR in place, high-value assets such as executive teams, financial departments and those accessing customer data can be protected with a “ring of steel” that denies the attacker any purchase and allows the business to function smoothly.