person using tablet with cyber security

Internet-facing Portals are the new Achilles Heel for any business, argues Deep Secure Sales Director, Paul Hancock.

Last week, we looked at how the world of work is changing in the wake of the coronavirus pandemic and specifically how homeworking has elevated the threat-level for businesses. But the pandemic has also created the conditions for a cyberattack via another channel, the Internet-facing portal.

Another day, another portal

Of course, portals are nothing new but against the backdrop of the pandemic, which has driven a new age of working and of the need to be able to access business’s no matter where or when, barely a day goes by without another portal or Web application being launched by governments and businesses keen to be responsive to the needs of citizens and customers alike.

These portals are usually built in the cloud, enabling the organisation to reap the benefits of rapid development, immediate rollout and the kind of limitless scalability that is essential in the face of unprecedented levels of demand.

Bringing these portals to market quickly is key, but in doing so, the organisation can leave themselves vulnerable. A badly secured portal is an Achilles Heel or backdoor by which an uploaded file containing malware can be ingested very easily into the organisation.

Malicious file uploads

A malicious file upload is a document or image containing concealed malware. It arrives via a portal. It is designed to target the employee who will eventually open it or to attack the portal itself, for example as a malformed document.

This type of malware is frequently sufficiently new and well-concealed that it evades detection-based cyber defences and even modern artificial intelligence technologies. So how best can you protect the portal from this type of attack?

 Best Practice Guidelines

The UK’s NCSC has published a set of best practice guidelines for those charged with the security of an application that must accept documents and images from the Internet. In the NCSC “Pattern: For Safely Importing Data”, the organisation recommends an approach called document transformation to ensure imported documents are threat-free.

Transformation is a mechanism whereby untrusted documents and images have the essential business information extracted from them. The originals are then discarded – along with any embedded threats. The business information is then verified and brand-new documents are then created and formatted to match the originals. The new documents are the ones the organisation ingests. The originals never get a look in.

Threat removal without detection, signatures or guesswork

Delivering digital purity with 100 % efficacy is a cornerstone of Deep Secure’s Threat Removal technology. It’s 100% effective, removing threats without being reliant on detection, virus signature updates or “best guess” algorithms.

The number of portals being launched in the wake of the pandemic continues to grow and with it the risk that they may be used by individuals to knowingly or unknowingly upload documents and images containing concealed malware.  Deep Secure’s Threat Removal is the only technology that guarantees files uploaded into these portals are totally malware-free.

SIGN UP: You can see Deep Secure’s Aaron Mulgrew demonstrate how we remove absolutely any malware from a file upload without the need for detection, signatures or guesswork at our Coffee Break Webinar: File Uploads – Removing the Threat on 28th May 2020 at 11:00am BST.


View all posts