Among the many cybersecurity risks organisations face today, some of the most serious are contained within the billions of files and documents shared between people every day. These file-based threats – ransomware being a notorious example – are found in approximately 1 in every 100,000 files. The problem is, it can take days or even weeks before reactive antivirus and sandboxing solutions are updated to protect against new threats – in the meantime, the risk of malware infection remains.
The rise in remote and hybrid working has only served to widen the range of threats faced by organisations and their teams. What’s more, cybercriminals are using more sophisticated and convincing tactics designed to fool users into opening infected file attachments and documents and clicking on weblinks. This has become a ‘go to’ tactic for disguising the presence of malware, with potentially devastating results.
The Rise Of Ransomware
As the regular media headlines show, ransomware is a huge problem for today’s highly connected digital organisations. In fact, there have been over 300 million ransomware attacks in the first half of this year alone – that’s more than the total for the whole of last year.
There has been a wide range of highly damaging attacks, including a growing number impacting critical infrastructure. Among the most high profile have been the disruption caused to the Colonial Pipeline’s fuel distribution services and the Irish healthcare system, which both had a major impact on the organisations and their stakeholders. It’s these incidents which have contributed to an increase in government legislation, most notably in the US, designed to increase the levels of protection across public and private sectors alike.
Aside from the damage caused to vital public services, the cost of ransomware is part of a growing cybercrime bill, which is expected to reach $6 trillion this year. Ransomware alone will cost victims around $265 billion annually by 2031, according to Cybersecurity Ventures.
Defeating Zero Day Threats
Adding to the challenges faced by IT and security teams are constantly emerging vulnerabilities that have not been seen before. Commonly referred to as ‘zero day’ threats, they are particularly dangerous because they are unknown to the organisations and individuals being targeted. This makes it much more difficult to protect networks against these attacks using traditional cybersecurity technologies, and organisations everywhere routinely operate with major blind spots in their defences.
As these threats are identified, software vendors race to develop and release patches, but until they arrive – and users download and install them – the risk remains. In fact, new zero day exploits can remain undetected for up to 18 days until antivirus and sandboxing technologies are updated to mitigate the risk.
To counter these risks, Content Disarm and Reconstruction (CDR) is a class of preventative cybersecurity technologies designed to clean and rebuild a wide range of commonly used file types, such as PDF, Word and Excel, to match their ‘known good’ manufacturer’s specification. This process automatically removes potential cyber threats to ensure every document entering or leaving an organisation is safe, meaning users can trust every file without sacrificing productivity.
The most effective CDR solutions employ a multi-stage process that works in real time to defeat file-based threats. In step one, three layers of the file are inspected to validate that its structure complies with the known good manufacturer’s specification. Where deviations are found, remediation takes place instantly. Next is a process that cleans high risk active content, such as macros and embedded links, based on company policy. This ensures only the users who need active content receive it. The file is then rebuilt to its known good manufacturer’s standard, ensuring it is clean and threat-free. Finally, the user instantly receives a safe, identical file that’s compliant, standardised and trusted.
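The stages described above can be illustrated on one narrow case: stripping VBA macro parts from an Office Open XML package (docx, docm, xlsx). This is an added example, not code from any CDR product; the function names, the `allow_macros` policy flag and the sample package are assumptions made for the illustration.

```python
import io
import re
import zipfile

# Assumption for this sketch: "active content" means the VBA macro parts of an OOXML package.
ACTIVE = re.compile(rb"vbaProject|vbaData", re.I)
# Self-closing entries in [Content_Types].xml and *.rels that may reference a removed part.
REFERENCE = re.compile(rb"<(?:Relationship|Override|Default)\b[^>]*/>")

def disarm_ooxml(data: bytes, allow_macros: bool = False):
    """Validate, clean and rebuild a package. Returns (clean_bytes, removed_parts)."""
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("container is not a valid ZIP") from exc
    names = src.namelist()
    # Stage 1: structural checks on the container before anything is trusted.
    if "[Content_Types].xml" not in names or len(names) != len(set(names)):
        raise ValueError("not a well-formed OOXML package")
    if src.testzip() is not None or any(n.startswith("/") or ".." in n.split("/") for n in names):
        raise ValueError("corrupt entry or unsafe part name")
    report, out = [], io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            # Stage 2: policy decides whether macro parts survive.
            if not allow_macros and ACTIVE.search(name.encode()):
                report.append(name)
                continue
            body = src.read(name)
            if not allow_macros and (name.endswith(".rels") or name == "[Content_Types].xml"):
                # Drop references to removed parts so the package stays consistent.
                body = REFERENCE.sub(lambda m: b"" if ACTIVE.search(m.group(0)) else m.group(0), body)
            # Stage 3: rebuild into a fresh archive; original headers and trailing data are not copied.
            dst.writestr(name, body)
    return out.getvalue(), report

def build_sample() -> bytes:
    """Constructed macro-enabled package (not a real document) for the demo."""
    parts = {
        "[Content_Types].xml": b'<Types><Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/document.xml": b"<w:document/>",
        "word/_rels/document.xml.rels": b'<Relationships><Relationship Id="rId1" Type="vbaProject" Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": b"constructed-macro-bytes",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Content that is referenced from the document body, such as hyperlinks or embedded objects, would also need the body markup rewritten when it is removed, which this sketch does not attempt.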
The CDR niche is growing in importance, and as Gartner puts it: “While sandboxing and almost all other techniques depend on detection of behaviors, CDR protects against exploits and weaponised content that have not been seen before.” In an era where cybersecurity threats continue to present huge risks to organisations in every sector, those who can take a proactive stance will be better placed to keep their systems and data safe from attack.