Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents.
Due to how work is done in today’s offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to medium businesses (SMBs) usually lack the kind of security that protects their larger counterparts, they have a greater risk of being affected.
Falling victim to file-based malware can cause enormous problems for SMBs. An attack can damage critical data stored in the organization’s computers. Such loss can force a company to temporarily halt operations, resulting in financial losses.
If a customer’s private and financial information is compromised, the company may also face compliance inquiries and lawsuits. Their reputations could also take a hit, discouraging customers from doing business with them.
But despite these risks, SMBs still invest very little in cybersecurity. Fortunately, new and better solutions specifically focused on file-based attack protection like malware disarming are emerging to deal with file-based attacks. They’re becoming more accessible too.
Security solutions provider odix even recently received a 2 million euro grant from the European Commission recently to bolster its move to bring its technology to SMBs.
In the midst of rising threats, here are some ways on how SMBs can mitigate file-based attacks.
1 – Disarming Malware
File-based attacks involve malware that is kept hidden in a seemingly legitimate document. When a user opens the file, the malware is activated.
Depending on the payload, the malware can destroy or steal data. Many organizations continue to rely on antiviruses to deal with these attacks.
However, hackers are now using more sophisticated polymorphic malware that automatically changes to evade signature-based detection employed by antiviruses.
Companies can also use air-gapped sandbox computers to scan and test documents, but this often requires dedicated hardware and personnel to manage.
Malware disarming is emerging to be the preferred way to prevent file-based attacks. Unlike conventional as antiviruses and sandboxes, such solutions can perform advanced scans that can detect sophisticated malware.
But aside from merely scanning the files, the documents are then sanitized, eliminating malicious codes. odix, for example, uses its TrueCDR (content disarm and reconstruction) technology to ensures that that the files are perfectly usable after cleanup.
2- Using Email with Strong Spam Filters
This year, 293 billion business and consumer emails were sent and received per day on average. This number is predicted to rise to 347 billion by the end of 2023.
With this, spam continues to increasingly become an effective cyberattack method. People clicked on links in 14.2 percent of spam emails in 2018.
Work emails are just as exposed. Employees are likely to click on spam email links and download and run potentially dangerous attachments.
Some small businesses may rely on the free email accounts that come with their website hosting packages. Unfortunately, such accounts are often poorly-secured and do not have the necessary security and filtering features that screen malicious emails.
To thwart these threats, companies can integrate stricter spam filters that can safeguard all inboxes of the company by blocking spam emails.
A more stringent measure is to adopt a solution like odix Mail. It acts as a mail proxy for the company’s mail server. All attachments contained in incoming emails are intercepted. These are then scanned and sanitized using odix’s core engine. Once these files are cleaned, they are reattached to the message and finally sent to the intended recipient’s inbox.
3 – Being Wary of Removable Media
Flash drives, external webcams, and other USB peripherals can be weaponized to infect a device or network.
However, employees tend to plug in media and devices without much care, thinking that antiviruses can readily check for malware via real-time security.
Unfortunately, hackers can cleverly disguise malware in these removable media to evade standard scans. Weaponized USBs are also used to breach even air-gapped systems.
SMBs can counter USB-based threats ensuring that no unauthorized personnel can plug in USB peripherals to their computer system. Network and operating system policies can be defined to withhold privileges that allow the insertion of removable media on workstations.
As an alternative, companies can use tools like odix’s Kiosk product which is a dedicated file sanitation workstation where users can insert their removable media.
The Kiosk acts as a gatekeeper to all files contained in USBs and disc drives. These documents are examined and cleaned of potential threats, ensuring that no malicious files from such media ever get sent over the network. The sanitized files can then be sent to the user’s email.
4 – Training Users to Avoid Phishing
Preventing file-based attacks also requires users to change their mindset and behavior. This includes making sure that they don’t fall for social engineering attacks like phishing.
Phishing is the fraudulent practice of sending deceptive emails to extract personal and financial information from an unsuspecting victim. The wide use of email has also made it one of the preferred methods of cybercriminals.
Phishing emails are carefully crafted to imitate real correspondence from trustworthy sources such as government offices, HR, or financial institutions.
SMBs should provide proper training to their employees to teach them to spot suspicious emails and links. Staff should also be trained to always check any file downloaded online or from emails for safety and legitimacy.
Having solutions like odix in place does help minimize the potential exposure of companies since tasks such as checking attachments and work documents are automatically performed. Still, it pays to have employees with the proper knowledge on how to safely and adequately use technology resources.
5 – Improving Access Control
Most SMBs use servers or cloud storage to keep and share files to clients and employees from any device at any time. These can be a cost-effective solution that also prevents sensitive data loss.
However, without appropriate security measures, these online components may be exposed to attacks.
Users may use weak passwords for their accounts which hackers can easily crack to gain access to these repositories. Not only can they steal data, but they can also implant malware in the stored documents to further spread malware.
To make sure that all accounts are made safe, companies can use identity and access management (IAM) platforms. An IAM service can authenticate employees and give them access to different applications or files in the cloud. It also features multi-factor authentication to provide additional security to protect from unauthorized access.
Taking Security Seriously
Some SMBs assume that cyber criminals will only target big corporations. But there’s no such thing as “too small” for hackers these days. Cybercriminals like to target SMBs precisely because of this mentality.
With 43 percent of cyberattacks targeted at SMBs, it is only prudent for organizations to take cybersecurity seriously. Enterprise providers like odix are now also expanding their reach to SMBs, so modern solutions are already within reach.
By equipping themselves with the necessary tools and training their employees on how to protect themselves from cybersecurity threats, SMBs are not only safeguarding their business but also their customers and staff as well.
Credit: The Hacker News By: noreply@blogger.com (The Hacker News)
