Sam Hutton, CTO, Glasswall Solutions

Now acknowledged as one of the biggest threats to a business's bottom line and reputation, cyber-security is taking centre stage as business leaders seek protection from the raft of attacks now prevalent. The scale of the threat is being taken incredibly seriously and was demonstrated earlier this year when it was discussed at length at the World Economic Forum. For many of those attending, it is the biggest challenge facing the world's technology industries. Others warned that fear of data breaches is causing organisations to hold off technology investment.

Amid this disquiet, governments are also placing ever more focus on cyber-security awareness and are advising on best practice. Last year in the UK, for example, the Chancellor of the Exchequer outlined a five-step plan to increase cyber-security.

In the US, meanwhile, the proposed Cyber-security Disclosure Act would require public companies to give reasons for not having a cyber-security expert on the board. In the EU, after the European General Data Protection Act comes into effect in 2018, organisations will risk stiff fines if they suffer data breaches or are found to be negligent around security.

It is not surprising, then, that CISOs in enterprises industry-wide are under pressure to be innovative and to find new, but cost-effective, solutions. They are fully aware that they will be held accountable in the event of a serious data or security breach.

If the new focus on cyber-security is to work, however, all involved need to realise that constantly evolving threats require constant innovation, rather than just a post-infection Band-Aid. Criminals have moved on from what are commonly called signature-based threats and are instead paying increased attention to altering the structure of common file types to defeat existing security and anti-virus solutions and breach an organisation's defences.

As the evolution and sophistication of these threats become clear, it is time for all organisations to grasp that cyber-criminals are not gifted amateurs, but either sophisticated professionals determined to steal funds, or shadowy arms-length state organisations with significant resources dedicated to the theft of intellectual property. Between them they never stop experimenting and evolving.

When faced with such ingenuity, legitimate businesses cannot afford to fall behind in the race to innovate and need to reassess their level of skill and motivation.

Most fundamental of all, CISOs have to understand that traditional signature-based AV security no longer cuts the mustard. Email attachments are still the most common delivery mechanism for the malicious code that enables criminals to steal, destroy or hold data to ransom, but how they are used has changed.

Analysis of many thousands of files by Glasswall shows that while extensible features such as macros and embedded files remain significant dangers, criminals are now well-advanced in altering the underlying structure, or building blocks, of Word, Excel, PowerPoint and PDF files, so that once opened they will trigger a malicious exploit. In PDFs, for example, Glasswall has found that structural threats are close to outweighing those hidden in embedded files, AcroForms, JavaScript or some combination of these elements.

The only effective solution to defend against this deliberate corruption of email-bound documents lies in file-regeneration technology. An automated solution utilising this capability disarms malicious files, producing a benign version referenced against the manufacturer's original standard, checking it right down to byte level instead of just looking for active content in the body of the document. A sanitised file is regenerated at sub-second speeds and passed on to users in real-time to maintain business continuity.

The technology protects organisations against even the smallest and most subtle alterations in file structure, detecting, for example, where criminals have changed just two bytes in a PDF file to crash the reader software in order to trigger malware or hidden exploits.

This is a solution devised after long and pioneering experience in the “Content Disarm and Reconstruction” (CDR) sector. After all, obtaining a completely benign file is a hugely complex process which, for a PDF, requires 3,500 conformity checks in much less than a second.

Rival technologies based on transformation alone rather than regeneration are simply less effective at removing threats, often producing un-editable PDFs or JPEGs which significantly disrupt business continuity.

Transformation technologies also frequently make the same mistake as those they seek to supplant, searching for what is already known, since they are often incapable of removing new threats that have no name or signature. For example, AcroForms are known to carry malware and are one of the focus areas for CDR technology. However, Glasswall analysis has shown AcroForm threats can be removed from a PDF while leaving 80 percent of malicious content intact.

Besides blocking out known and evolving threats, one of the great benefits of file-regeneration is that it puts organisations back in control, deciding who should receive specific file content as part of a broader security posture. It means individual employees no longer have to make decisions about whether it is safe to open files.

The overall outcome is that organisations can send and receive emailed documents from customers, partners and suppliers in full confidence, and are in turn safer to do business with. It is clear that only the kind of genuine innovation to be found in file-regeneration solutions will give organisations this watertight level of security and streamlined efficiency. In the face of so many emerging threats it is vital that the CISO recognises this important fact in the ongoing battle against cyber-crime.

Contributed By Sam Hutton, CTO, Glasswall Solutions