John Stevenson by John Stevenson | | Blog

padlocks and web security

One cyber security threat above all others has dominated the news agenda in 2020 and kept CISOs awake in their beds into the small hours. Ransomware.

Ransomware is a type of malware that encrypts the organisation’s files. The attacker then demands a ransom payment in return for the decryption “key” and may also threaten to publish the organisations’s data if the ransom is not paid. Ransomware attacks are typically carried out using a piece of malware that is disguised as a business document that the user is tricked into downloading or opening, either as an email attachment, or as a link to a document on a compromised website.

In the past two months, organisations as diverse as a US Gas pipeline, a UK local authority and an international currency exchange firm have all been victims. Each has experienced business outages measured in days, weeks and even months. Each has incurred considerable clean-up costs. Each has suffered significant – even existential – damage to brand and reputation.

So, as the number of ransomware attacks continues to rise, here are our top tips for avoiding becoming another victim.

Time for Zero Trust

Ransomware is now so sophisticated and well-concealed that it repeatedly evades detection by anti-virus tools that work by scanning documents to try and find malware. To combat the threat you need to take a different approach to ensure documents and data are completely threat-free: zero trust.

With our zero trust threat removal platform, every file arriving into the organisation is transformed into a new, safe document. Only the valid business information is extracted from the untrusted document, with the original is discarded. The extracted business information is then formatted to match the original and a wholly new file is ready for use. Nothing is trusted, any threats are left behind and the ransomware simply can’t get in.

More than Email

When it comes to threats like ransomware concealed in documents, organisations have traditionally focussed on their email defence and specifically protecting their users against phishing attacks where the threat is concealed in an email attachment. This is all well and good but attackers have now changed tack. Now the modus operandi is to publish a document containing ransomware on a compromised website and then mount a phishing campaign designed to encourage the user to click on a link and inadvertently initiate the ransomware attack by downloading the document.

To combat the problem, it’s essential to apply zero-trust threat removal to your Web gateway. This also helps in situations where users are bringing documents into the organisation via their personal webmail accounts and via file sharing sites such as dropbox.

Protect Your Portals

Internet-facing web portals are used to interact with customers and suppliers, accepting everything from CVs and citizen data to loan applications. Unfortunately a web portal is also a key vector for attack, often an overlooked 'side entrance' into the organisation and a prime target for attackers intent on delivering ransomware via documents.

To-date, most organisations have attempted to combat this threat using antivirus software and Web Applications Firewalls (WAFs) that rely on detection and analytics to find the threat.

This defence needs bolstering with zero-trust portal protection. This approach ensures that every uploaded document is transformed and 100% free of ransomware before it enters the organisation.

Into the Cloud

The rapid growth of cloud-based applications and workflows also exposes the organisation to the threat of ransomware. Developers need to combat this threat by implementing a zero trust defence that is designed-in to their applications. This “security as code” approach can be achieved by using APIs to transform documents and render them 100% safe.

See Document Transformation In Action
Sign up for a Free Trial

View all posts