The average office worker spends up to 80 per cent collaborating with their managers and colleagues using tools such as instant messaging, Dropbox, Google Drive or OneDrive which in most cases lack adequate security, this is according to Maor Hizkiev, CTO and co-founder of a content-borne threat security company, BitDam.
Email, shared URLs, file attachments, cloud drives and new digital communications are the most accessible entry point for advanced content-borne cyber attacks, with 95 per cent of cyber-attacks ‘launched with a click’. “Email remains the most commonly used channel for both opportunistic and targeted attacks, reports Gartner, but new collaboration tools present a growing risk,” states BitDam.
Hizkiev says that traditional anti-virus and mail scanner solutions still miss myriad threats, many of them entering the organisation through legitimate email addresses and – increasingly – through collaboration tools and instant messaging platforms.
Mike Bergen, South African GECI representative reveals that ensuring that every new collaboration tool is secure is a challenge for CIOs and CISOs, he says information security professionals are increasingly concerned about content-borne threats penetrating the network even with anti-virus and email scanning tools in place, and are looking to reduce the risk and costs involved in remediation once a threat has actually reached the network.
Malware embedded in legitimate applications like Word documents and Excel spreadsheets has traditionally been difficult to detect, particularly if the content is sent through known and approved email addresses or through cloud-based collaboration channels.
“The challenge is compounded by the growing trend for attackers to hijack an inbox or spoof a partner or vendor email address and send a mail that looks legitimate – with a known sender and record of prior correspondence, with an appropriate subject line, and possibly even in reply to an email sent by the victim – but which now contains malware in an attachment,” he says.
Addressing this threat demands a new approach to perimeter protection in which content is interrogated before being delivered, with tools to proactively assess whether the application execution flow is in line with its original design, or if it runs with alien code. “With this model, it does not matter if attackers develop new attack techniques; any content in a commonly-used business application deemed suspicious will be quarantined,” he says.