Adaptive Redaction

English Translation: 
AR
English

PCI Compliance: How to Automatically Redact Credit Card Information from Inbound Email

An often-overlooked challenge when it comes to PCI compliance are the occasions where customers ‘helpfully’ email their credit card details in an attempt to expedite an order or refund, or when they have issues ordering online. These actions are in fact the very opposite of helpful and can cause issues for organizations who need to protect payment card data in compliance with PCI DSS (Payment Card Industry Data Security Standard).

Historically, IT and compliance teams have relied on employees to manually delete these emails, report the issue for further tracking and respond back to the customer in a separate message, letting them know that it is not company policy to accept payment card information through this communication channel. However, this manual approach to credit card data security exposes both the customer and organization to undue risk and error.

To address this challenge, organizations use PCI-compliant email gateways with automated scanning and data redaction technologies to remove payment card data before the email reaches its intended recipient. As a result, this helps ensure PCI compliance, while also avoiding having to manually clean-up a trail of PCI data left behind.

Adaptive Redaction: An Automated Solution for PCI Compliance

The Secure Email Gateway from Clearswift uses Adaptive Redaction technology to automate the scanning and redacting of payment card information (or other sensitive and inappropriate data) prior to it entering the organization. Thanks to Optical Character Recognition (OCR) scanning, this even includes payment card information sent as scanned images or photographs.

In real time, a Deep Content Inspection Engine completely disassembles inbound messages, detecting and removing only the information that breaks PCI DSS guidelines, while allowing the rest of the message to go ahead unhindered. This ensures that there is continuous approach to collaboration and communication, while removing the risk of inappropriately shared information.

PCI-Compliant Email Protection from Day One

Setting up PCI policy rules within the Secure Email Gateway is easy thanks to the pre-defined PCI and PII tokens designed to simplify policy definition and deployment. The Secure Email Gateway also uses Lexical Expression Qualifiers to validate sensitive information. This minimizes the number of false positives, as it understands when a number might look like payment information but isn’t.

To find out more about how the Secure Email Gateway transforms email from a high-risk communication channel to one that’s PCI compliant, ask us for a demo.

Ask us for a demo

Related Resources:

Datasheet: Secure Email Gateway

White Paper: PCI Compliance Best Practice Guide

Solution Brief: Clearswift OCR

Debunking Cybersecurity Jargon Part Four – What is Optical Character Recognition?

As part of our on-going blog series explaining some of the many acronyms and pieces of jargon that bedevil the cybersecurity industry, we turn our attention to optical character recognition technology or OCR as it is commonly known.

Clearswift added OCR functionality to all of its core email and web security products to help organizations combat the risk posed by the millions of image files that are shared in, out and around corporate networks, as well as those uploaded and downloaded to cloud file sharing apps or the web.

Images: A Major Data Loss Risk to Organizations

Under data privacy laws, organizations are required to protect the sensitive information belonging to its customers, employees and partners so that the data does not end up in the wrong hands. To help remain compliant, organizations deploy data loss prevention (DLP) solutions to scan content being shared on the network to ensure that sensitive data is not included, and if it is included and authorized, to make sure the data is encrypted.

Today there are so many ways in which sensitive information or confidential documents can enter or leave the organization, for example, a screenshot of a customer record sent as an attached image or a PDF created by scanning physical documents using a multi-function printer. DLP solutions need to ensure that all content travelling on the network is inspected, yet very few scan image files to monitor this threat, particularly hosted security platforms due to the cost per unit overhead of scanning.

OCR: A Technology to Aid Compliance

OCR enables the analysis of every day image files such as PDFs, JPGs, PNGs, GIFs and BMPs allowing them to be processed using DLP functionality. Just as Clearswift’s Data Redaction option removes sensitive text from Microsoft Word or Excel files, OCR identifies sensitive data in images allowing them to be automatically masked (black boxed) if found.

Due to the depth of content inspection provided, even images embedded in an Excel spreadsheet, which is embedded in a Word document, which is scanned to PDF and shared as a ZIP file attached to an email is detected, analysed and any sensitive information removed, allowing the safe file to continue to its destination. Clearswift’s OCR functionality supports 20 different file formats and 48 languages, providing a comprehensive level of capability.

This automated bi-directional redaction capability not only protects the organization from employees accidentally sharing sensitive or confidential image files, and malicious insiders attempting to leak data, it also protects the organization from any unwanted data it receives. This might be images of credit cards sent by customers keen for a refund or third parties sharing unauthorized content.

Protect Against Data Loss Through Images

Optical Character Recognition (OCR) is an option for the Clearswift Secure Email Gateway, Secure Exchange Gateway, ARgon for Email, and Secure Web and ICAP Gateway products. For more information on how it works, ask for a demo from the team.

Ask us for a demo

Related Resources

Datasheet: OCR

On-Demand Webinar: How Images and Scanned Documents Present a Cybersecurity Risk for Organizations

Debunking cybersecurity jargon

Debunking cybersecurity jargon part two – what is a deep content inspection engine?

Given the prevalence of jargon and technical terms within the cybersecurity sector, we have launched a series of blog posts that look to debunk some of those terms and explain what they are in more detail.

We have already looked at Adaptive Redaction, a technology that Clearswift brought to the sector, now we turn our attention to Content Filtering and Inspection and ask..

What is a Deep Content Inspection Engine?

Every product in the Content Filtering market has some form of Content Inspection Engine.

Its purpose is to understand the structure of a transfer and what content is contained within it. It checks that the content does not include PCI, PII or other such sensitive data that might violate the rules defined by the organization. It also checks for harmful files such as executables that can be hidden within zip files and contain a potentially damaging virus.

Transport protocols such as SMTP and HTTP and file formats are often abused. Sometimes this is accidental, but mostly it is in a deliberate attempt to avoid detection or to cause an impact to mail servers or clients in the form of buffer overruns. In April 2020, there was a case where hackers used SMTP to exploit a vulnerability in Apple’s iOS mail client in an attempt to highjack VIP phones.

Clearswift developed its filtering technology with both security and performance in mind. If it spots potential violations, files are flagged for inspection or configured to pass through policy. The inspection process takes place on traffic coming in and out of the organization and it can handle multiple protocols.

The content scanning is a multi-stage process. For each file it:

• Identifies the file type by file signature
• Verifies the file structure conformity (checking to see if data is piggybacking onto other files)
• Extracts content that violates rules in zipped or compressed files, document body, headers, footers, or embedded objects
• Strips metadata from documents and image files
• Records what it removed

By default, Clearswift’s Content Inspection Engine iterates down to 50 levels. The level of structural verification and content inspection it performs is far greater than other products on the market, hence the name Deep Content Inspection Engine.

Game-changing Technology

The Clearswift Deep Content Inspection Engine was the first product to perform the automatic redaction and sanitization of content. As well as decomposing file formats, the Deep Content Inspection Engine modifies the content to remove the threat – whether that’s sensitive data or malicious code – and rebuilds the file in its original format. Other products perform a similar task but generate an alternative or read-only file format which typically breaks workflows, carries no resemblance to the original file, or just takes time. With automatic Adaptive Redaction there is no delay, and the recipient receives a sanitized, workable copy of the file.

Clearswift also added Optical Character Recognition (OCR) technology so that when the Deep Content Inspection Engine finds images (in attachments or embedded in documents), it scans for text. If it finds text that breaks policy, it is redacted, the file is then rebuilt in its original format and sent on its way.

Steganography can be used to exfiltrate information by concealing valuable intellectual property or hiding malware in plain sight. To prevent this, the Deep Content Inspection Engine also sanitizes image files to ensure that data or malware has not been embedded using steganographic tools.

Keeping Organizations Safe and Secure

The Deep Content Inspection Engine lies at the heart of all Clearswift cybersecurity solutions. It filters and closely inspects content as it enters or leaves the organization, keeping it safe from threats and preventing unwanted data breaches. To find out more, why not ask us for a demo.

Ask us for a demo

Related resources:

Debunking cybersecurity jargon part one – what is Adaptive Redaction?

Redaction Blog Image

Debunking cybersecurity jargon part one – what is adaptive redaction?

Like many industries and areas of technology, the cybersecurity sector is prone to using jargon, technical terms, and acronyms that can confuse even the most seasoned industry insider. We work with businesses and public sector organizations all over the world and during our many meetings and interactions, we invariably get asked at least once, ‘what is that?’

To try and head off any confusion, we are launching a series of blog posts that aim to explain precisely what we mean by certain industry terms and phrases. Others may have a slightly different interpretation, but this is ours and we are sticking to it.

First up – what is Adaptive Redaction?

Addressing the ever-evolving cyber threat

For most organizations, ensuring they are well-protected against cyber-attacks and accidental data loss is, from a data security point of view, their biggest priority. They have seen the damage and disruption that can be caused by a data breach, and they will have noted the heavy financial penalty if they are found to be non-compliant with GDPR, not to mention the flood of compensation claims and loss of reputation that can follow.

To combat the variety and volume of cyber risks faced by the organization, defensive measures are put in place. Some of these security solutions ‘stop and block’ any email, web or endpoint transfers deemed to have risk implications. Such measures certainly keep the business secure, but they also impact the efficiency of the day-to-day operations.

For example, the management overhead on the messaging or security IT teams can be significant and when emails and documents are blocked unnecessarily it can delay important business. Overzealous filters can start to frustrate employees, especially when they are chased for documents they may have sent hours ago, and when this happens, they start to find other ways to share information, opening the organization up to more risk.

Finding the balance between the need to protect the organization and the ability to freely collaborate can be difficult to achieve, and that’s what makes Adaptive Redaction such an innovation. It provides the cybersecurity protection needed by today’s organizations but also ensures that employees can get on and do their jobs safely and effectively.

Clearswift Adaptive Redaction

Clearswift was the first company in the world to offer Adaptive Redaction and it is still something that differentiates us from other cybersecurity vendors. Adaptive Redaction involves the identification of critical or confidential information and cyber threats which are either redacted or sanitized to allow the on-going flow of communication – with no disruption.

There are three main options for using Adaptive Redaction:

  1. Text redaction - this covers both inbound and outbound communication and removes the sensitive text in question from emails and documents. Exactly what data is removed depends entirely on an organization’s policy, it can be based on regulation (GDPR, HIPPA), critical data (PCI, PII), keywords (IP or classified projects) or other criteria. Clearswift’s Optical Character Recognition (OCR) functionality even allows the extraction of text from image-based files which are then redacted from the image as well.

    Before

    After

  2. Document sanitization - Provides the automated removal of hidden metadata such as comments and revision history, along with the removal of author, username, and server names etc., so that the information can’t be harvested for phishing attacks. Additionally, Clearswift’s solution uses anti-steg functionality, which means that data hidden in image files can be wiped clean too.

  3. Structural sanitization - this allows for the wholesale removal of any malicious code without any delays to sharing and access. This method of Adaptive Redaction stops embedded macros, scripts, and ransomware from entering a corporate network, whether via phishing emails, drive-by downloads, or attacking uploads.

See Adaptive Redaction in action.

Ask us for a demo

Related resources:

Clearswift Adaptive Redaction

Clearswift Document and Structural Sanitization

How to neutralize the rising threat of ransomware

Next generation of cyber threats: images

情報セキュリティ

情報セキュリティのオールマイティ ソリューション

現代のサイバー セキュリティが抱える数々の問題点。フィッシング詐欺を目的とした個人情報の漏えいや、マルウェア ペイロードを埋め込んだ悪質なドキュメント、組織のネットワーク内外に蔓延する「終わりなき脅威」に立ち向かうことのできる高度な検査能力、そして優れたリダクション (情報の秘匿化) とサニタイゼーション (情報の除去) 機能を備えた情報セキュリティ ソリューションが、問題解決の鍵を握ります。

Japanese

The top 3 emerging technologies posing a cyber-threat to our Critical National Infrastructure

In the last few years, we’ve seen digital transformation take over the mindset of businesses and there has been a huge push to ensure that organizations in all sectors are adopting technology that is at the forefront of innovation. Every sector from marketing to manufacturing now has some aspect of digitalization and we’re seeing everything from AI to quantum computing being embraced to leverage greater efficiency, service and profitability.

However, in the race to adopt, many organizations are failing to recognize the impact of emerging technologies on cybersecurity. Nowhere is this more applicable than in the CNI space – where our nation’s most critical data resides – where it’s vital that the security measures match that of the technology that has been introduced. While email security will always be important to the protection of data, it might not align with the use of messaging apps to share files. The secure firewall protecting data servers probably doesn’t extend to the data being used to train an automated risk management platform.

So out of the myriad new technologies being introduced into the CNI space, which are providing the biggest risk?

 

  1. 1.       Internet of Things

IoT is now a fact of life. From our phones to our fridges, from fitness monitoring to coffee machines, IoT is everywhere, and this goes for the CNI space too. More and more we’re seeing an integration of IoT into everyday operations and processes – everything from the monitoring of industrial equipment to medical equipment to defense communication systems. IoT can certainly help organizations become more effective – but they also create new risks and threats to critical infrastructure and services.

Because of IoT, more sensitive data is being shared digitally and at a fast pace. The data being stored by any company using IoT is more extensive than ever, so if there was an attack on the system, billions of data points could be compromised. For example, we have seen pirates hacking into IoT-enabled freights in order to access the larger network to steal bills of lading and identify the most valuable cargo aboard specific container ships.

Many companies only think about the individual device and forget the fact that one device connects to an entire eco-system. An IoT freight cargo is also connected to the whole shipping and the entire network of similar devices, databases and reports its data feeds into. One small compromise can result in the larger system falling victim to the cyber-attack. Security is only as strong as the weakest link.

 

  1. 2.       Artificial Intelligence

AI is changing the way businesses operate. From the factory floor to back-end IT, automation is increasing speed and productivity, constantly learning and developing based on the vast quantities of data it processes. In theory then, AI is the perfect solution for cybersecurity where security monitoring data is growing at an almost exponential rate and conventional methods of processing it are starting to fail – something malicious actors recognize and are developing new methods of attack to take advantage of.

However, AI can also be (ab)used by a malicious player, causing catastrophic consequences. For example, last year, Darktrace identified an attack against one of its customers that used AI to observe and learn patterns of user behavior inside a network so it could go on to mimic this and blend into the background so as not to be spotted by security tools. Going undetected, this allows cybercriminals to infiltrate networks for longer periods of time and gain access to an organization’s most critical data. With AI being used in healthcare to augment diagnosis, what would be the impact if this was compromised?

 

  1. 3.       5G

The recent arrival of 5G, with significantly faster speeds, increased capacity and lower latency, will change existing operating environments forever. However, these benefits come at the expense of growth in the attack surface. The 5G-enabled devices and networks that underpin CNI operation could be compromised by new and traditional attacks, causing major chaos. 

For example, the increased speed of a 5G network could be more readily used in a DDoS-style attack. Furthermore, with the increase in use, because of the increased bandwidth, the network itself will become a greater target. Where systems rely on real-time and continuous communication of data from large numbers of sources, for example in transportation networks, this has the potential to create chaos. And if we think about the future of this sector, with greater numbers of autonomous vehicles on the road – which will rely heavily on 5G connections for data transfer and decision making – there are potentially life-threatening consequences to an attack.

 

So, what do we do?

The first step is to understand what the new technologies are and then to look at the potential risks and consequences. After this is it possible to plan to mitigate the risk. When it comes to CNI, it might be thought that the Government would put in place, and rapidly change, regulations guarding its safety. However, this is not the case – for many reasons, including competitive advantage and the need to synchronize regulations with the EU and or the rest of the world. Threats change at a much greater pace than governments can react. So, the onus is put on organizations to ensure that the adoption of new technologies is done in a secure manner. Whether this is the MoD or an electricity company, or the supplier of a widget to a CNI organization.

Unfortunately, there is no silver bullet when it comes to cyber-security, but there are three areas which need to be addressed:

People

Education is everything in the fast-changing nature of technology. Organizations must ensure they understand the risks of any new technology they install as this will be key to properly securing it. This is not just the IT team, everyone working with critical data and new technologies need to understand the risks and how to mitigate them as well. Regularly read up on the risks of new technologies and have the security team hold sessions that explain how an attack could occur and what to do if one is suspected. The goal is to develop a culture that encourages innovation but is also aware of the risks new technology can bring in order to keep information safe.

Processes

Establish clear processes for implementing new technologies. For example, make it mandatory for the security team to be involved in every discussion about investing in technology so they are aware of what they need to do in order to prepare to secure the devices and the data at the point of installation. Ensure there are processes in place for if there is a problem – who to contact, what’s the chain of events to minimize the impact.

Technology

Technology is there as the last line of defense, to help enforce policies and ultimately to keep people and information safe.  Use established security technology to protect data at every point. For example, traditional email and web security solutions – such as Clearswift’s SECURE Gateways – can be integrated into new scenarios to ensure there is some level of security for new technologies. For systems connecting to the Internet through the network, traffic and the destination can be monitored. Clearswift’s Deep Content Inspection and  Adaptive Data Loss Prevention (A-DLP) solution has capabilities that go far beyond traditional DLP and network security. For example, features such as anti-steganography can guarantee that images are not used to convey malware or to leak sensitive information, while OCR can ensure that information is not leaked using images from multi-function printers and screen grabs.

Adoption of new technologies is the way forward; we can’t stay static to stay safe, but it is vital that organizations handling critical data, such as that within CNI organizations, are certain that their security measures are good enough to battle against the risks opened up by emerging technologies.

More Information:

Data Loss Prevention in Images

Next Generation Cyber Threats: Images

Cybersecurity is probably the most rapidly changing area of IT, and cyber-criminals are becoming increasingly more sophisticated in their bid to breach an organization's security and steal their crown jewels - their information. Traditional Data Loss Prevention (DLP) technology provides protection against the traditional threat of someone trying to send a file to an unauthorized individual, but it required a step change to enable Adaptive Data Loss Prevention with Deep Content Inspection (DCI) to address threats such as ransomware that is delivered embedded in innocuous-looking documents.

Clearswift delivered our first version of Adaptive Redaction in 2013 and have continuously improved the technology in every release since then. It was developed to modify the content of files on-the-fly to ensure continuous collaboration is achieved without the danger of critical information being shared with unauthorized individuals, or malicious content being received. However, new threats are emerging which need to be addressed, and image-based threats are at the forefront.

We often don’t give images a second thought. We download them every day and use them in presentations and documents all the time.  But in today’s world of digital collaboration, what sorts of risks can they pose and how can those threats be mitigated?  

These days the multi-function printer inside most organizations enables remote printing, standard photocopying and scanning to send as an attachment in an email. This last feature is the one which creates one of the latest risks currently being exploited. When the device scans the document, it typically creates a PDF – but each page in the document is actually an image. These images are not picked up and analyzed by most security or traditional DLP solutions, meaning those PDFs become a data loss risk. Any sensitive or confidential document can be readily copied into a PDF and sent out of the organization without being detected.

Optical Character Recognition (OCR) is a technique for analyzing images and extracting the text so that it can then be processed in the same way as a normal electronic document using DLP functionality. This issue with images is not restricted to scanned documents. Other techniques such as ‘screenshots’ can also be used to turn critical information into an image such as a JPEG, then shared via email or a Cloud collaboration application without being detected.  OCR enables images to be analyzed and DLP will prevent data leaks. OCR is available as an option for the Clearswift SECURE Email Gateway today, and for the Clearswift SECURE Web Gateway and Clearswift Endpoint DLP solution later this year.

A further enhancement to OCR analysis enables redaction of text in images, removing only the information which breaks policy by drawing a black box across the words. This is equivalent to the Clearswift Data Redaction option, but has now been extended to cover text in an image. With our DCI engine recursing by default to 50 levels deep, the image can be embedded in an Excel spreadsheet, which is embedded in a Word document, which is scanned to PDF, then shared via a ZIP archive attached to an email – Clearswift will detect the image, analyse it and redact any sensitive information, allowing the ‘safe’ file to continue to the recipient.

Images can also be used to ‘hide’ information in different ways. Some of this can be found in the document properties, for example, geographical co-ordinates as to where the picture was taken. This information can be used to identify locations and there have been a number of incidents with military personnel inadvertently leaking information through this means, or poachers using location data to track big game.

Document properties can also be subverted by a malicious insider to convey sensitive information outside the organization without suspicion. Document Sanitization is a technique to remove document properties to prevent that mechanism of data loss. Policy granularity means that only those properties which have been authorized are allowed to be used, the others are removed.

A technique called steganography can also be used to hide information in images. This is where tools can be used to subtly change the image by encoding and embedding the data, such that, to the naked eye, there is no visible difference and then it can be sent out, exfiltrating the information. A standard size image can easily hide several thousand customer contacts or account numbers. In this case, OCR will not help remove the risk as it isn’t a picture of the text. Steganography is an interesting technique as it is virtually impossible to tell if data has been hidden in an image. However, Clearswift’s anti-steganography functionality disrupts the image, such that no data can be extracted – but the image, to the naked eye, remains the same.

Furthermore, steganography is also used in botnets to communicate on the inbound traffic flow and download of malicious payloads to general purpose malware.  The same anti-steganography techniques can be used to disrupt that communication channel to keep the organization safe.

Images are often overlooked, however, a new generation of threats is emerging which uses them. Clearswift’s Advanced threat protection and DLP functionality can mitigate the threat, helping the organization stay safe.

More Information

The Top 5 Cyber Threats that Brexit Brings

The Top 5 Cyber Threats that Brexit Brings

Regardless of your thoughts on Brexit, it can’t be denied that the drawn-out process has created mass confusion as firms rush to prepare for an unpredictable future.  Because of this, we decided to survey IT decision-makers in UK enterprise organizations to determine the effects of an uncertain Brexit had on cybersecurity spending habits.

Our data shows that 53% of firms are increasing their cybersecurity budgets in preparation for a rise in threats once we leave the EU. Businesses anticipate that Cybercriminals will seek to use confusion to their advantage, whether that is through malware attacks or targeted phishing campaigns to coerce critical data or financial gain from organizations.

So, what are the top 5 post-Brexit threats identified by businesses?

 

  1. 1.      Malware: 49%

Malware is a broad term encapsulating the myriad of techniques cybercriminals use for gaining access to critical data – whether it may be a Trojan horse, spyware or one of the many other forms of malicious code. While the means may vary, the objective remains the same: to gain access to the corporate network to steal data. The warning signs of a compromised network (missing files, changed login credentials, etc.) can be detected by a trained eye, but these signifiers may be misinterpreted as ‘business as usual’ amongst firms rushing to adapt to the changes Brexit brings.

To mitigate this risk, organizations must have advanced email and web security solutions deployed to ensure malware does not disrupt business, as well as threat detection systems to assist in the identification and quarantine of malware. Advanced email and web solutions can mitigate the risk, as they have the ability to automatically remove malicious links detected in email and attachments, or from documents downloaded from the web, before the threat executes within the corporate network. This protects the organization from staff mistakenly clicking on malicious links which is the most common reason behind cyber-attacks being successful.

 

  1. 2.      Phishing: 40%

Phishing attacks epitomize the ‘cast a wide net’ approach to cybercrime. An example of this is ‘spear-phishing’ attacks on targeted firms. This involves an email being sent to employees at a firm – ostensibly from the CEO or CFO – asking employees to share sensitive bank account information or requesting funds be transferred into a spoofed bank account. Whilst these are significantly less effective (on a 1:1 scale) than some of the more insidious forms of hacking, what they lack in refinement, they make up for in scale.

It only requires a single worker to fall for the ruse. To offset this, employees need to be educated on the signs to look out for in a phishing email as part of an ongoing cyber training program.  In addition, employing technology such as Adaptive Redaction will ensure that any employees who might take the ‘bait’, are incapable of sharing critical information or credentials as the technology will automatically redact sensitive information being sent to a recipient that not authorized to receive it.  The technology is automated and a failsafe to ensure that no sensitive data can be leaked from within the network, either intentionally or otherwise.

 

  1. 3.      Ransomware: 40%

As one of the fastest growing forms of cyber-attack, ransomware poses a serious threat to firms post-Brexit.  Ransomware is malicious code loaded onto a network to isolate critical data, which the hackers then demand a hefty ransom to either release back to the firm, or in some cases destroy it (as opposed to sharing it with competitors).  Cybercriminals will frequently pose as clients or partners via email and will seek to obfuscate and confuse employees into opening a file containing the malicious code. As Brexit looms, one method of attack could involve would-be hackers posing as ‘official’ comms or Brexit-orientated advisors, in an attempt to gain entry to a corporate network.

These attacks can be prevented through employee education sessions on how to identify these dangerous emails, as well as having an advanced threat protection solution installed to detect and strip malicious code before it penetrates the network.

 

  1. 4.      Nation-State Cyber-Attacks: 39%

As the world has changed, so has its battlefields. Once, nations duked it out through their conventional militaries, but in the 21st century, many nations’ resources have shifted from tangible materials to the more ethereal. Intellectual property, industrial secrets, cyber-currency and critical data are all targets for nation-state sponsored cyber-attacks, often intended to disrupt national infrastructure, weaken economies and generally cause trouble for opposing states. Firms with globalist ambitions or foreign rivals are particularly susceptible to attack from these threats, but that’s not to say that no other businesses can be affected.

As nation-state attacks can vary broadly in their methodology, organizations must ensure that every aspect of their corporate network is secured against an attack. Many firms may not realize they are part of a nation’s critical national infrastructure but act as an important facet of the overall supply chain, making them a target for nation-state attacks. A key example would be the Norsk Hydro owned aluminium plants, which were forced to shut down for a number of days following a hack that left them unable to continue production safely. Whilst the hack later turned out to be a ransomware attack, the inability of these factories to produce key supplies is indicative of the potential disruption a state-sponsored cyber-attack can bring.

 

  1. 5.      Changing Regulation: 37%

Although not commonly thought of as an aspect of cybersecurity, compliance with ever-changing regulations is a critical facet of a strong cyber defense. Firms may be charged with incredibly damaging – indeed, even business-destroying – fines if they are found to not be complying with the latest regulations. As the fines levied in the wake of GDPR has shown, even seemingly inconsequential actions such as sending an email to the wrong recipient could have staggeringly devastating consequences, with fines of up to  €20m or 4% in annual turnover.

This is subsequently seeing the increased take-up of advanced data loss prevention technology that can support organizations to automatically protect sensitive information from being shared outside of the corporate network, including detecting if an email is being sent to an unauthorized recipient, thus negating the possibility of a breach in data regulation legislation.

As Brexit confusion increases and Britain’s future remains uncertain, firms must ensure that they are prepared for a rise in cyber-crime from opportunists seeking to exploit the chaos and confusion leading up to the UK’s withdrawal from the EU.


Additional Info:

Renforcer la protection contre les cybermenaces dans Microsoft Office 365

Renforcer la protection contre les cybermenaces dans Microsoft Office 365

Dans notre dernier billet de blog, nous avions évoqué le risque lié à la réception de données sensibles non souhaitées par courrier électronique et au partage en interne d'informations sensibles entre différents départements de l'entreprise et donc le besoin de fonctionnalités avancées de protection des données aussi bien pour les systèmes de messagerie sur site que pour les environnements Microsoft Office 365 (O365) afin d'atténuer ces risques. Cependant, en matière de sécurité de l'information, ce n'est pas seulement le risque de recevoir des données sensibles non souhaitées ou par accident dont les entreprises devraient se méfier. En effet, Microsoft Office 365 a été rapidement adoptée par tant de secteurs et d'entreprises de toute taille que cette plateforme est devenue la cible de prédilection des cybercriminels.

Le Centre national de cybersécurité britannique (NCSC) a récemment publié un rapport consultatif qui fait le point sur les moyens utilisés par les cybercriminels pour compromettre la plateforme O365 et utiliser des comptes O365 compromis pour en tirer un profit financier. Ce rapport révèle que les attaques contre les messageries d'entreprise, dont O365, ont coûté plus de 5,3 milliards de dollars de pertes aux entreprises entre 2013 et 2016.

Ingénierie sociale (harponnage)

Les travaux menés par Clearswift ont permis de découvrir que les emails de harponnage sont considérés comme la menace la plus dangereuse pour les entreprises, toutes plateformes de messagerie confondues. En fait, le stratagème le plus souvent déployé par les pirates pour accéder à des comptes O365 consiste à lancer des attaques par hameçonnage ciblé, autrement dit en recourant à du harponnage ou à de l'ingénierie sociale.

Pour mener une attaque par harponnage, un cybercriminel envoie un ou plusieurs courriers électroniques à des employés. En apparence crédibles, ces courriers souvent envoyés par des supérieurs hiérarchiques et des fournisseurs qui invitent à cliquer sur un lien qui est en fait malveillant... Après avoir cliqué sur le lien, l'employé est redirigé vers une page de connexion usurpée qui permet au pirate de collecter des informations sensibles, notamment les identifiants de connexion que l'employé a fournis sans prendre garde. Fort de ces informations, l'attaquant peut ensuite dérober des informations sensibles stockées dans le Cloud, se faire passer pour le détenteur du compte, diffuser d'autres emails de harponnage depuis un compte légitime ou encore envoyer une charge active de ransomware via le réseau. Ces types d'attaque sont souvent détectés tardivement si bien que le pirate a le temps de dérober les informations qui lui permettront de causer des dégâts majeurs à n'importe quelle entreprise.

Accès non autorisé

Pirater un compte à l'aide d'une séquence de mots de passe évidents est un autre moyen couramment utilisé par les cybercriminels pour accéder à l'environnement O365. Même si l'un des atouts de la plateforme Cloud O365 est son accessibilité généralisée pour les collaborateurs, cela peut néanmoins représenter une menace pour la sécurité car, du coup, les cybercriminels bénéficient du même type d'accès. En effet, si un pirate collecte le mot de passe d'un employé, il pourra accéder instantanément à son compte puis à l'ensemble de l'environnement O365.

Cette plateforme étant conçue pour faciliter l'accès à distance, l'identification des accès non autorisés à des comptes n'est pas instantanée, ce qui facilite grandement la tâche des pirates qui peuvent ainsi multiplier les tentatives de connexion afin d'accéder à un compte. De plus, cibler un seul employé à la fois, plutôt que chaque employé d'une entreprise, réduit encore le risque de détection, si bien qu'après avoir accédé à un compte, un cybercriminel peut très facilement progresser dans le système de l'entreprise.

Accéder au compte d'un employé spécifique permettra à un individu malveillant de consulter des documents et des bases de données puis de dérober des informations sensibles stockées sur la plateforme et dans les courriers électroniques. Ce pirate pourra également configurer des règles de réacheminement afin que le compte compromis envoie des copies des emails reçus et envoyés à une adresse de messagerie tierce sans que cela puisse être détecté...

Procédure pour atténuer les menaces et les risques

Authentification multifactorielle

Nombreux étant les employés qui utilisent un mot de passe pour accéder à de multiples plateformes et services, il suffit aux pirates de dérober ou de deviner un mot de passe pour accéder à tout un ensemble d'informations. L'authentification multifactorielle (MFA) ajoute une couche de protection supplémentaire à la plateforme O365 en exigeant un deuxième voire, dans certains cas et lorsque les informations sont très sensibles, un troisième mot de passe qui empêchera un pirate de pouvoir accéder à un compte même s’il a réussi la première phase d'identification. Un deuxième facteur est ensuite utilisé pour vérifier la légitimité des connexions. Il peut s'agir d'un autre mot de passe ou bien de caractères provenant d'une phrase de passe, d'un jeton de sécurité ou bien d'une application avec un numéro qui change sans cesse, d'une empreinte digitale, de reconnaissance faciale ou même d'un scan de l'iris.

Formation et sensibilisation

Former les employés aux signes qui indiquent une activité malveillante menée via la messagerie électronique réduira le risque qu'ils cliquent sur des liens malveillants qui faciliteront des attaques par hameçonnage. Des déjeuners de travail, des webinaires ainsi que des guides sur les menaces destinés au personnel sont des moyens efficaces de sensibiliser et de cultiver le personnel. Associer des sessions de prévention des menaces à un traitement des données sensibles basé sur les bonnes pratiques contribuera à renforcer la sécurité globale de l'entreprise. Animer une session sur la cybersécurité avec l'équipe informatique lors de l'accueil de nouveaux collaborateurs permettra de mieux les préparer à comprendre et se conformer aux politiques et aux procédures de sécurité de l'entreprise.

Renforcer la sécurité d'O365 grâce à des fonctionnalités avancées

L'intégration de fonctionnalités avancées de prévention des menaces et de protection des données à O365 permet d'améliorer les fonctionnalités de sécurité existantes de la plateforme. La solution complémentaire de Clearswift pour O365 peut être facilement déployée pour inspecter en profondeur tout le contenu du trafic entrant, sortant ou interne de la messagerie qui transite via la plateforme, aussi bien dans les messages électroniques que leurs pièces jointes. Cette solution détecte et anonymise automatiquement et en temps réel les URL malveillantes ainsi que les données sensibles (les informations IPI, PCI, etc.). Elle facilite la livraison de communications épurées de tout danger plutôt que de les bloquer brutalement à des fins d'audit et de contrôle. La fonctionnalité d'anonymisation contextuelle supprime les codes malveillants intégrés ou les informations sensibles avant que le courrier électronique arrive dans la boîte de réception de l'employé. Il y a ainsi moins de risques de cliquer sur un lien malveillant inséré dans un courrier électronique d’hameçonnage ou d'envoyer/recevoir des informations sensibles par erreur pouvant provoquer une fuite de données au niveau de l'entreprise.

Profiter de la possibilité d'ajouter des applications tierces pour renforcer la sécurité d'une plateforme O365 améliorera la protection des données critiques stockées dans le Cloud tout en permettant aux employés de faire leur travail sans perturbations.

Informations supplémentaires